Vulnerability Summary for the Week of August 17, 2015
Released
Aug 24, 2015
Document ID
SB15-236
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| aegirproject -- hostmaster | The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment. | 2015-08-18 | 7.5 | CVE-2015-5501 MISC MLIST CONFIRM CONFIRM |
| apple -- mac_os_x | dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. | 2015-08-16 | 7.2 | CVE-2015-3760 CONFIRM APPLE |
| apple -- mac_os_x | The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. | 2015-08-16 | 7.2 | CVE-2015-3761 CONFIRM APPLE |
| apple -- mac_os_x | udf in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. | 2015-08-16 | 7.2 | CVE-2015-3767 CONFIRM APPLE |
| apple -- iphone_os | Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls. | 2015-08-16 | 9.3 | CVE-2015-3768 CONFIRM CONFIRM APPLE APPLE |
| apple -- mac_os_x | IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3771 and CVE-2015-3772. | 2015-08-16 | 7.2 | CVE-2015-3769 CONFIRM APPLE |
| apple -- mac_os_x | IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5783. | 2015-08-16 | 9.3 | CVE-2015-3770 CONFIRM APPLE |
| apple -- mac_os_x | IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3772. | 2015-08-16 | 7.2 | CVE-2015-3771 CONFIRM APPLE |
| apple -- mac_os_x | IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771. | 2015-08-16 | 7.2 | CVE-2015-3772 CONFIRM APPLE |
| apple -- mac_os_x | The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | 2015-08-16 | 7.5 | CVE-2015-3773 CONFIRM APPLE |
| apple -- mac_os_x | Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors. | 2015-08-16 | 7.2 | CVE-2015-3775 CONFIRM APPLE |
| apple -- iphone_os | IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist. | 2015-08-16 | 9.3 | CVE-2015-3776 CONFIRM CONFIRM APPLE APPLE |
| apple -- mac_os_x | Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages. | 2015-08-16 | 7.2 | CVE-2015-3777 CONFIRM APPLE |
| apple -- mac_os_x | SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | 2015-08-16 | 7.5 | CVE-2015-3783 CONFIRM APPLE |
| apple -- iphone_os | libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message. | 2015-08-16 | 9.3 | CVE-2015-3795 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798. | 2015-08-16 | 7.5 | CVE-2015-3796 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3798. | 2015-08-16 | 7.5 | CVE-2015-3797 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797. | 2015-08-16 | 7.5 | CVE-2015-3798 CONFIRM CONFIRM APPLE APPLE |
| apple -- mac_os_x | The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app. | 2015-08-16 | 9.3 | CVE-2015-3799 CONFIRM APPLE |
| apple -- iphone_os | The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. | 2015-08-16 | 7.2 | CVE-2015-3800 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805. | 2015-08-16 | 7.2 | CVE-2015-3802 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file. | 2015-08-16 | 7.2 | CVE-2015-3803 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775. | 2015-08-16 | 7.5 | CVE-2015-3804 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802. | 2015-08-16 | 7.2 | CVE-2015-3805 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file. | 2015-08-16 | 7.2 | CVE-2015-3806 CONFIRM CONFIRM APPLE APPLE |
| apple -- mac_os_x | Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters. | 2015-08-16 | 7.5 | CVE-2015-5750 CONFIRM APPLE |
| apple -- mac_os_x | Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error. | 2015-08-16 | 9.3 | CVE-2015-5754 CONFIRM APPLE |
| apple -- iphone_os | libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking. | 2015-08-16 | 9.3 | CVE-2015-5757 CONFIRM CONFIRM APPLE APPLE |
| apple -- mac_os_x | ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2015-08-16 | 7.2 | CVE-2015-5763 CONFIRM APPLE |
| apple -- iphone_os | The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video. | 2015-08-16 | 7.1 | CVE-2015-5769 CONFIRM APPLE |
| apple -- iphone_os | Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors. | 2015-08-16 | 7.2 | CVE-2015-5774 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756. | 2015-08-16 | 7.5 | CVE-2015-5775 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket. | 2015-08-16 | 7.5 | CVE-2015-5776 CONFIRM CONFIRM APPLE APPLE |
| apple -- quicktime | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5753. | 2015-08-16 | 7.5 | CVE-2015-5779 CONFIRM APPLE |
| apple -- mac_os_x | IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770. | 2015-08-16 | 9.3 | CVE-2015-5783 CONFIRM APPLE |
| apple -- mac_os_x | runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2015-08-16 | 9.3 | CVE-2015-5784 CONFIRM APPLE |
| arabportal -- arab_portal | SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php. | 2015-08-18 | 7.5 | CVE-2015-6519 MISC EXPLOIT-DB MISC |
| cisco -- telepresence_video_communication_server_software | The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542. | 2015-08-19 | 7.2 | CVE-2015-4327 CISCO |
| emc -- rsa_bsafe | Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service (memory corruption or segmentation fault) or possibly have unspecified other impact via crafted base64 data, a similar issue to CVE-2015-0292. | 2015-08-20 | 7.5 | CVE-2015-0537 BUGTRAQ |
| emc -- documentum_content_server | EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622. | 2015-08-20 | 9.0 | CVE-2015-4531 BUGTRAQ |
| emc -- documentum_content_server | EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514. | 2015-08-20 | 9.0 | CVE-2015-4532 BUGTRAQ |
| emc -- documentum_content_server | EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. | 2015-08-20 | 9.0 | CVE-2015-4533 BUGTRAQ |
| emc -- documentum_content_server | Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter. | 2015-08-20 | 9.0 | CVE-2015-4534 BUGTRAQ |
| emc -- documentum_content_server | Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket. | 2015-08-20 | 7.5 | CVE-2015-4535 BUGTRAQ |
| fastglass -- storage_api | The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors. | 2015-08-18 | 7.5 | CVE-2015-5502 MISC CONFIRM MLIST |
| j2store -- j2store | Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php. | 2015-08-18 | 7.5 | CVE-2015-6513 CONFIRM MISC MISC |
| microsoft -- office | Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | 2015-08-14 | 9.3 | CVE-2015-1642 MS |
| microsoft -- windows_10 | Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability." | 2015-08-14 | 7.2 | CVE-2015-1769 MS |
| microsoft -- windows_7 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified registry actions via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability." | 2015-08-14 | 9.3 | CVE-2015-2429 MS |
| microsoft -- windows_7 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified filesystem actions via a crafted application, aka "Windows Filesystem Elevation of Privilege Vulnerability." | 2015-08-14 | 9.3 | CVE-2015-2430 MS |
| microsoft -- live_meeting | Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka "Microsoft Office Graphics Component Remote Code Execution Vulnerability." | 2015-08-14 | 9.3 | CVE-2015-2431 MS |
| microsoft -- windows_7 | ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." | 2015-08-14 | 9.3 | CVE-2015-2432 MS |
| microsoft -- excel | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Silverlight before 5.1.40728 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." | 2015-08-14 | 9.3 | CVE-2015-2435 MS |
| microsoft -- internet_explorer | Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2452. | 2015-08-14 | 9.3 | CVE-2015-2441 MS MS |
| microsoft -- internet_explorer | Microsoft Internet Explorer 8 through 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2444. | 2015-08-14 | 9.3 | CVE-2015-2442 MS MS |
| microsoft -- internet_explorer | Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2447. | 2015-08-14 | 9.3 | CVE-2015-2446 MS MS |
| microsoft -- .net_framework | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2456. | 2015-08-14 | 9.3 | CVE-2015-2455 MS |
| microsoft -- .net_framework | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2455. | 2015-08-14 | 9.3 | CVE-2015-2456 MS |
| microsoft -- windows_10 | ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2459 and CVE-2015-2461. | 2015-08-14 | 9.3 | CVE-2015-2458 MS |
| microsoft -- windows_10 | ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2461. | 2015-08-14 | 9.3 | CVE-2015-2459 MS |
| microsoft -- .net_framework | ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." | 2015-08-14 | 9.3 | CVE-2015-2460 MS |
| microsoft -- windows_10 | ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2459. | 2015-08-14 | 9.3 | CVE-2015-2461 MS |
| microsoft -- .net_framework | ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." | 2015-08-14 | 9.3 | CVE-2015-2462 MS |
| microsoft -- .net_framework | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2464. | 2015-08-14 | 9.3 | CVE-2015-2463 MS |
| microsoft -- .net_framework | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463. | 2015-08-14 | 9.3 | CVE-2015-2464 MS |
| microsoft -- office | Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted template, aka "Microsoft Office Remote Code Execution Vulnerability." | 2015-08-14 | 9.3 | CVE-2015-2466 MS |
| microsoft -- office | Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | 2015-08-14 | 9.3 | CVE-2015-2467 MS |
| microsoft -- office | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | 2015-08-14 | 9.3 | CVE-2015-2468 MS |
| microsoft -- office | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | 2015-08-14 | 9.3 | CVE-2015-2469 MS |
| microsoft -- office | Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underflow Vulnerability." | 2015-08-14 | 9.3 | CVE-2015-2470 MS |
| microsoft -- windows_7 | Untrusted search path vulnerability in the client in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability." | 2015-08-14 | 9.3 | CVE-2015-2473 MS |
| microsoft -- windows_server_2008 | Microsoft Windows Vista SP2 and Server 2008 SP2 allow remote authenticated users to execute arbitrary code via a crafted string in a Server Message Block (SMB) server error-logging action, aka "Server Message Block Memory Corruption Vulnerability." | 2015-08-14 | 9.0 | CVE-2015-2474 MS |
| microsoft -- office | Microsoft Office 2007 SP3, Office for Mac 2011, Office for Mac 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | 2015-08-14 | 9.3 | CVE-2015-2477 MS |
| microsoft -- .net_framework | The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2480 and CVE-2015-2481. | 2015-08-14 | 9.3 | CVE-2015-2479 MS |
| microsoft -- .net_framework | The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2479 and CVE-2015-2481. | 2015-08-14 | 9.3 | CVE-2015-2480 MS |
| microsoft -- .net_framework | The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2479 and CVE-2015-2480. | 2015-08-14 | 9.3 | CVE-2015-2481 MS |
| microsoft -- internet_explorer | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015. | 2015-08-19 | 9.3 | CVE-2015-2502 MS MISC MISC MISC |
| mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-08-15 | 10.0 | CVE-2015-4473 CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-08-15 | 10.0 | CVE-2015-4474 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox | The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file. | 2015-08-15 | 7.5 | CVE-2015-4475 CONFIRM CONFIRM |
| mozilla -- firefox | Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API. | 2015-08-15 | 10.0 | CVE-2015-4477 CONFIRM CONFIRM |
| mozilla -- firefox | Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data. | 2015-08-15 | 10.0 | CVE-2015-4479 CONFIRM CONFIRM CONFIRM |
| mozilla -- firefox | Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding. | 2015-08-15 | 9.3 | CVE-2015-4480 CONFIRM CONFIRM |
| mozilla -- firefox | Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data. | 2015-08-15 | 10.0 | CVE-2015-4485 CONFIRM CONFIRM |
| mozilla -- firefox | The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data. | 2015-08-15 | 10.0 | CVE-2015-4486 CONFIRM CONFIRM |
| mozilla -- firefox | The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow." | 2015-08-15 | 7.5 | CVE-2015-4487 CONFIRM CONFIRM |
| mozilla -- firefox | Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment. | 2015-08-15 | 7.5 | CVE-2015-4488 CONFIRM CONFIRM |
| mozilla -- firefox | The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment. | 2015-08-15 | 7.5 | CVE-2015-4489 CONFIRM CONFIRM |
| mozilla -- firefox | Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object. | 2015-08-15 | 7.5 | CVE-2015-4492 CONFIRM CONFIRM |
| mozilla -- firefox | Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data. | 2015-08-15 | 9.3 | CVE-2015-4493 CONFIRM CONFIRM |
| mozilla -- firefox | Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file. | 2015-08-15 | 9.3 | CVE-2015-4496 CONFIRM CONFIRM |
| net-snmp -- net-snmp | The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. | 2015-08-19 | 7.5 | CVE-2015-5621 CONFIRM CONFIRM UBUNTU MLIST MLIST MLIST CONFIRM REDHAT |
| novalnet -- novalnet_payment_module_ubercart- | SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2015-08-18 | 7.5 | CVE-2015-5504 MISC MLIST |
| perl -- perl | Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. | 2015-08-16 | 7.5 | CVE-2013-7422 CONFIRM CONFIRM APPLE |
| pimcore -- pimcore | SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy. | 2015-08-18 | 7.5 | CVE-2015-4426 MISC CONFIRM FULLDISC |
| wpslideshow -- powerplay_gallery | Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter. | 2015-08-18 | 7.5 | CVE-2015-5599 MISC MLIST FULLDISC MISC |
| wpslideshow -- powerplay_gallery | Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/big/. | 2015-08-18 | 7.5 | CVE-2015-5681 MISC MLIST MLIST FULLDISC MISC |
| wpsymposium -- wp_symposium | SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php. | 2015-08-19 | 7.5 | CVE-2015-6522 EXPLOIT-DB |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| administration_views_project -- administration_views | The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors. | 2015-08-18 | 6.0 | CVE-2015-5509 MISC CONFIRM MLIST |
| apache -- activemq | The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command. | 2015-08-14 | 5.0 | CVE-2014-3576 CONFIRM DEBIAN MLIST |
| apache -- activemq | Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors. | 2015-08-19 | 5.0 | CVE-2015-1830 SECTRACK CONFIRM |
| apache_solr_real-time_project -- apache_solr_real-time | The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal does not check the status of an entity when indexing, which allows remote attackers to obtain information about unpublished content via a search. | 2015-08-18 | 5.0 | CVE-2015-5506 MISC CONFIRM MLIST |
| apple -- safari | Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site. | 2015-08-16 | 4.3 | CVE-2015-3729 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3730 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3731 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3732 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3733 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3734 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3735 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3736 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3737 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3738 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3739 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3740 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3741 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3742 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3743 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3744 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3745 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3746 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3747 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3748 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 2015-08-16 | 6.8 | CVE-2015-3749 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream. | 2015-08-16 | 6.4 | CVE-2015-3750 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element. | 2015-08-16 | 5.0 | CVE-2015-3751 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request. | 2015-08-16 | 5.0 | CVE-2015-3752 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource. | 2015-08-16 | 5.0 | CVE-2015-3753 CONFIRM CONFIRM APPLE APPLE |
| apple -- safari | The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site. | 2015-08-16 | 4.3 | CVE-2015-3754 CONFIRM APPLE |
| apple -- safari | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. | 2015-08-16 | 4.3 | CVE-2015-3755 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL. | 2015-08-16 | 4.3 | CVE-2015-3758 CONFIRM APPLE |
| apple -- iphone_os | Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink. | 2015-08-16 | 4.6 | CVE-2015-3759 CONFIRM APPLE |
| apple -- mac_os_x | The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2015-08-16 | 5.0 | CVE-2015-3762 CONFIRM APPLE |
| apple -- iphone_os | Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site. | 2015-08-16 | 4.3 | CVE-2015-3763 CONFIRM APPLE |
| apple -- mac_os_x | Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app. | 2015-08-16 | 4.3 | CVE-2015-3764 CONFIRM APPLE |
| apple -- quicktime | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. | 2015-08-16 | 6.8 | CVE-2015-3765 CONFIRM APPLE |
| apple -- iphone_os | The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app. | 2015-08-16 | 4.3 | CVE-2015-3766 CONFIRM CONFIRM APPLE APPLE |
| apple -- mac_os_x | The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream. | 2015-08-16 | 4.8 | CVE-2015-3774 CONFIRM APPLE |
| apple -- quicktime | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. | 2015-08-16 | 6.8 | CVE-2015-3779 CONFIRM APPLE |
| apple -- mac_os_x | The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | 2015-08-16 | 4.3 | CVE-2015-3780 CONFIRM APPLE |
| apple -- mac_os_x | Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search. | 2015-08-16 | 4.3 | CVE-2015-3781 CONFIRM APPLE |
| apple -- iphone_os | CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. | 2015-08-16 | 4.3 | CVE-2015-3782 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2015-08-16 | 5.0 | CVE-2015-3784 CONFIRM CONFIRM APPLE APPLE |
| apple -- mac_os_x | The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app. | 2015-08-16 | 4.3 | CVE-2015-3786 CONFIRM APPLE |
| apple -- quicktime | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. | 2015-08-16 | 6.8 | CVE-2015-3788 CONFIRM APPLE |
| apple -- quicktime | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. | 2015-08-16 | 6.8 | CVE-2015-3789 CONFIRM APPLE |
| apple -- quicktime | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. | 2015-08-16 | 6.8 | CVE-2015-3790 CONFIRM APPLE |
| apple -- quicktime | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. | 2015-08-16 | 6.8 | CVE-2015-3791 CONFIRM APPLE |
| apple -- quicktime | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. | 2015-08-16 | 6.8 | CVE-2015-3792 CONFIRM APPLE |
| apple -- iphone_os | CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | 2015-08-16 | 4.3 | CVE-2015-3793 CONFIRM APPLE |
| apple -- mac_os_x | The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string. | 2015-08-16 | 6.8 | CVE-2015-3794 CONFIRM APPLE |
| apple -- iphone_os | libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document. | 2015-08-16 | 4.3 | CVE-2015-3807 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. | 2015-08-16 | 5.0 | CVE-2015-5746 CONFIRM APPLE |
| apple -- mac_os_x | The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows local users to cause a denial of service (resource consumption) via unspecified vectors. | 2015-08-16 | 4.9 | CVE-2015-5747 CONFIRM APPLE |
| apple -- iphone_os | The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | 2015-08-16 | 4.3 | CVE-2015-5749 CONFIRM APPLE |
| apple -- quicktime | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5753, and CVE-2015-5779. | 2015-08-16 | 6.8 | CVE-2015-5751 CONFIRM APPLE |
| apple -- iphone_os | Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. | 2015-08-16 | 5.0 | CVE-2015-5752 CONFIRM APPLE |
| apple -- quicktime | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5779. | 2015-08-16 | 6.8 | CVE-2015-5753 CONFIRM APPLE |
| apple -- iphone_os | CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761. | 2015-08-16 | 6.8 | CVE-2015-5755 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775. | 2015-08-16 | 6.8 | CVE-2015-5756 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. | 2015-08-16 | 6.8 | CVE-2015-5758 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. | 2015-08-16 | 5.0 | CVE-2015-5759 CONFIRM APPLE |
| apple -- iphone_os | CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755. | 2015-08-16 | 6.8 | CVE-2015-5761 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. | 2015-08-16 | 5.0 | CVE-2015-5766 CONFIRM APPLE |
| apple -- mac_os_x | AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | 2015-08-16 | 4.3 | CVE-2015-5768 CONFIRM APPLE |
| apple -- iphone_os | MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app. | 2015-08-16 | 5.8 | CVE-2015-5770 CONFIRM APPLE |
| apple -- mac_os_x | Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime file. | 2015-08-16 | 6.8 | CVE-2015-5771 CONFIRM APPLE |
| apple -- mac_os_x | Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file. | 2015-08-16 | 6.8 | CVE-2015-5772 CONFIRM APPLE |
| apple -- iphone_os | QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document. | 2015-08-16 | 6.8 | CVE-2015-5773 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778. | 2015-08-16 | 6.8 | CVE-2015-5777 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777. | 2015-08-16 | 6.8 | CVE-2015-5778 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image. | 2015-08-16 | 4.3 | CVE-2015-5781 CONFIRM CONFIRM APPLE APPLE |
| apple -- iphone_os | ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. | 2015-08-16 | 4.3 | CVE-2015-5782 CONFIRM CONFIRM APPLE APPLE |
| bestpractical -- request_tracker | Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages. | 2015-08-14 | 4.3 | CVE-2015-5475 CONFIRM DEBIAN |
| chamilo_integration_project -- chamilo_integration | Open redirect vulnerability in the Chamilo integration module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. | 2015-08-18 | 5.8 | CVE-2015-5503 MISC CONFIRM MLIST |
| cisco -- nx-os | The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory consumption, and device hang) via unspecified vectors, aka Bug ID CSCut93842. | 2015-08-19 | 4.9 | CVE-2015-4277 CISCO |
| cisco -- nx-os | Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006. | 2015-08-19 | 5.0 | CVE-2015-4296 CISCO |
| cisco -- webex_node_for_mcs | Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP request parameters, aka Bug ID CSCuv32136. | 2015-08-19 | 5.8 | CVE-2015-4297 CISCO |
| cisco -- unified_web_and_e-mail_interaction_manager | Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056. | 2015-08-19 | 6.5 | CVE-2015-4298 CISCO |
| cisco -- unified_web_and_e-mail_interaction_manager | Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046. | 2015-08-19 | 5.5 | CVE-2015-4299 CISCO |
| cisco -- nx-os | Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated users to cause a denial of service (device hang) via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225. | 2015-08-19 | 6.8 | CVE-2015-4301 CISCO |
| cisco -- firesight_system_software | The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390. | 2015-08-19 | 6.4 | CVE-2015-4302 CISCO |
| cisco -- telepresence_video_communication_server_software | Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333. | 2015-08-20 | 6.5 | CVE-2015-4303 CISCO |
| cisco -- edge_bluebird_operating_system | The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968. | 2015-08-19 | 6.8 | CVE-2015-4308 CISCO |
| cisco -- finesse | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10.5(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug IDs CSCuq82322, CSCut95853, and CSCuq73975. | 2015-08-19 | 4.3 | CVE-2015-4310 CISCO |
| cisco -- telepresence_video_communication_server_software | The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422. | 2015-08-19 | 4.0 | CVE-2015-4314 CISCO |
| cisco -- telepresence_video_communication_server_software | The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853. | 2015-08-19 | 5.5 | CVE-2015-4315 CISCO |
| cisco -- telepresence_video_communication_server_software | The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka Bug ID CSCuv40396. | 2015-08-20 | 5.5 | CVE-2015-4316 CISCO |
| cisco -- telepresence_video_communication_server_software | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469. | 2015-08-19 | 5.0 | CVE-2015-4317 CISCO |
| cisco -- telepresence_video_communication_server_software | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528. | 2015-08-20 | 5.0 | CVE-2015-4318 CISCO |
| cisco -- telepresence_video_communication_server_software | The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338. | 2015-08-20 | 5.5 | CVE-2015-4319 CISCO |
| cisco -- telepresence_video_communication_server_software | The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340. | 2015-08-19 | 4.0 | CVE-2015-4320 CISCO |
| cisco -- adaptive_security_appliance_software | The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to an internal interface but is also in the ASA routing table, which allows remote attackers to bypass uRPF validation via spoofed packets, aka Bug ID CSCuv60724. | 2015-08-20 | 5.0 | CVE-2015-4321 CISCO |
| cisco -- content_security_management_appliance | Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894. | 2015-08-19 | 5.5 | CVE-2015-4322 CISCO |
| cisco -- mds_9000_nx-os | Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices 7.3(0)ZN(0.9); and MDS 9000 devices 6.2 (13) and 7.1(0)ZN(91.99) and MDS SAN-OS 7.1(0)ZN(91.99) allows remote attackers to cause a denial of service (device outage) via a crafted ARP packet, related to incorrect MTU validation, aka Bug IDs CSCuv71933, CSCuv61341, CSCuv61321, CSCuu78074, CSCut37060, CSCuv61266, CSCuv61351, CSCuv61358, and CSCuv61366. | 2015-08-19 | 6.1 | CVE-2015-4323 CISCO |
| cisco -- nx-os | Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote attackers to cause a denial of service (IGMP process restart) via a malformed IGMPv3 packet that is mishandled during memory allocation, aka Bug IDs CSCuv69713, CSCuv69717, CSCuv69723, CSCuv69732, and CSCuv48908. | 2015-08-19 | 6.1 | CVE-2015-4324 CISCO |
| cisco -- telepresence_video_communication_server_software | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552. | 2015-08-19 | 4.0 | CVE-2015-4328 CISCO |
| cisco -- telepresence_video_communication_server_software | The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796. | 2015-08-20 | 6.5 | CVE-2015-4329 CISCO |
| cisco -- unified_web_and_e-mail_interaction_manager | Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug ID CSCuo89051. | 2015-08-19 | 4.3 | CVE-2015-6255 CISCO |
| codelogic -- freichat | SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php. | 2015-08-18 | 5.0 | CVE-2015-6512 EXPLOIT-DB MISC MISC |
| codfront_labs -- http_strict_transport_security | The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors. | 2015-08-18 | 6.8 | CVE-2015-5505 MISC CONFIRM CONFIRM MLIST |
| content_construction_kit_project -- content_construction_kit | Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destinations parameter, related to administration pages. | 2015-08-18 | 5.8 | CVE-2015-5510 CONFIRM MISC MLIST |
| coppermine-gallery -- coppermine_photo_gallery | Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter. | 2015-08-20 | 4.3 | CVE-2015-6528 MISC |
| cygnux -- syspass | SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php. | 2015-08-18 | 6.5 | CVE-2015-6516 MISC EXPLOIT-DB BUGTRAQ MISC |
| dell -- netvault_backup | Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request. | 2015-08-14 | 5.0 | CVE-2015-5696 EXPLOIT-DB SECTRACK BUGTRAQ MISC |
| dev4press -- gd_bbpress_attachments | Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. | 2015-08-18 | 4.3 | CVE-2015-5481 CONFIRM MISC FULLDISC MISC |
| dev4press -- gd_bbpress_attachments | Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. | 2015-08-18 | 4.0 | CVE-2015-5482 CONFIRM MISC MISC |
| devexpress -- ajax_control_toolkit | Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd. | 2015-08-18 | 6.4 | CVE-2015-4670 BUGTRAQ MISC |
| elasticsearch -- elasticsearch | Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. | 2015-08-17 | 5.0 | CVE-2015-5531 CONFIRM BID BUGTRAQ MISC |
| emc -- rsa_bsafe | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572. | 2015-08-20 | 4.3 | CVE-2015-0533 BUGTRAQ |
| emc -- rsa_bsafe | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275. | 2015-08-20 | 5.0 | CVE-2015-0534 BUGTRAQ |
| emc -- rsa_bsafe | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a similar issue to CVE-2015-0204. | 2015-08-20 | 4.3 | CVE-2015-0535 BUGTRAQ |
| emc -- rsa_archer_egrc | Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. | 2015-08-20 | 6.8 | CVE-2015-0542 BUGTRAQ |
| emc -- documentum_administrator | Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518. | 2015-08-20 | 6.8 | CVE-2015-4530 BUGTRAQ |
| entityform_block_project -- entityform_block | The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors. | 2015-08-18 | 5.0 | CVE-2015-5493 MISC CONFIRM MLIST |
| gnome -- gdk-pixbuf | Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. | 2015-08-15 | 6.8 | CVE-2015-4491 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| gnu -- gnutls | GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. | 2015-08-14 | 4.3 | CVE-2014-8155 CONFIRM REDHAT |
| hybridauth_social_login_project -- hybridauth_social_login | The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social login. | 2015-08-18 | 5.0 | CVE-2015-5511 MISC CONFIRM MLIST |
| inline_entity_form_project -- inline_entity_form | Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors. | 2015-08-18 | 4.3 | CVE-2015-5507 MISC CONFIRM MLIST |
| me_aliases_project -- me_aliases | The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to access Views using the "me" user argument handler by substituting "me" for a user id in a URL. | 2015-08-18 | 5.0 | CVE-2015-5512 MISC CONFIRM CONFIRM MLIST CONFIRM |
| microsoft -- system_center_operations_manager | Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "System Center Operations Manager Web Console XSS Vulnerability." | 2015-08-14 | 4.3 | CVE-2015-2420 MS |
| microsoft -- excel | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Unsafe Command Line Parameter Passing Vulnerability." | 2015-08-14 | 4.3 | CVE-2015-2423 MS MS MS |
| microsoft -- xml_core_services | Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2471. | 2015-08-14 | 4.3 | CVE-2015-2434 MS |
| microsoft -- xml_core_services | Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability." | 2015-08-14 | 4.3 | CVE-2015-2440 MS |
| microsoft -- internet_explorer | Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass." | 2015-08-14 | 4.3 | CVE-2015-2449 MS MS |
| microsoft -- windows_7 | The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information via a crafted application that continues to execute during a subsequent user's login session, aka "Windows CSRSS Elevation of Privilege Vulnerability." | 2015-08-14 | 4.7 | CVE-2015-2453 MS |
| microsoft -- xml_core_services | Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434. | 2015-08-14 | 4.3 | CVE-2015-2471 MS |
| microsoft -- windows_7 | Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify certificates, which allows man-in-the-middle attackers to spoof clients via a crafted certificate with valid Issuer and Serial Number fields, aka "Remote Desktop Session Host Spoofing Vulnerability." | 2015-08-14 | 4.3 | CVE-2015-2472 MS |
| microsoft -- biztalk_server | Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka "UDDI Services Elevation of Privilege Vulnerability." | 2015-08-14 | 4.3 | CVE-2015-2475 MS |
| mozilla -- firefox | Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method. | 2015-08-15 | 5.0 | CVE-2015-4478 CONFIRM CONFIRM |
| mozilla -- firefox | mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file. | 2015-08-15 | 4.6 | CVE-2015-4482 CONFIRM CONFIRM |
| mozilla -- firefox | Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. | 2015-08-15 | 4.3 | CVE-2015-4483 CONFIRM CONFIRM |
| mozilla -- firefox | The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object. | 2015-08-15 | 5.0 | CVE-2015-4484 CONFIRM CONFIRM |
| mozilla -- firefox | The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging unexpected policy-enforcement behavior. | 2015-08-15 | 4.3 | CVE-2015-4490 CONFIRM CONFIRM |
| navigate_project -- navigate | The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission. | 2015-08-18 | 4.0 | CVE-2015-5499 MISC MLIST |
| openstack -- horizon | Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class. | 2015-08-20 | 4.3 | CVE-2015-3219 MLIST MLIST CONFIRM BID |
| openstack -- glance | OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them. | 2015-08-14 | 4.0 | CVE-2015-3289 CONFIRM MLIST |
| opentext -- secure_mft_2013 | Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp. | 2015-08-20 | 4.3 | CVE-2015-6530 MISC BUGTRAQ |
| pass2pdf_project -- pass2pdf | The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors. | 2015-08-18 | 5.0 | CVE-2015-5496 MISC MLIST |
| pfsense -- pfsense | Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php. | 2015-08-18 | 4.3 | CVE-2015-4029 CONFIRM FULLDISC |
| pfsense -- pfsense | Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php. | 2015-08-18 | 4.3 | CVE-2015-6508 CONFIRM CONFIRM |
| pfsense -- pfsense | Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries, or (6) aliasesresolveinterval parameter to system_advanced_firewall.php; (7) proxyurl, (8) proxyuser, or (9) proxyport parameter to system_advanced_misc.php; or (10) name, (11) notification_name, (12) ipaddress, (13) password, (14) smtpipaddress, (15) smtpport, (16) smtpfromaddress, (17) smtpnotifyemailaddress, (18) smtpusername, or (19) smtppassword parameter to system_advanced_notifications.php. | 2015-08-18 | 4.3 | CVE-2015-6509 CONFIRM |
| pfsense -- pfsense | Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6) count parameter to diag_packet_capture.php; the (7) pppoe_resethour, (8) pppoe_resetminute, (9) wpa_group_rekey, or (10) wpa_gmk_rekey parameter to interfaces.php; the (11) pppoe_resethour or (12) pppoe_resetminute parameter to interfaces_ppps_edit.php; the (13) member[] parameter to interfaces_qinq_edit.php; the (14) port or (15) retry parameter to load_balancer_pool_edit.php; the (16) pkgrepourl parameter to pkg_mgr_settings.php; the (17) zone parameter to services_captiveportal.php; the port parameter to (18) services_dnsmasq.php or (19) services_unbound.php; the (20) cache_max_ttl or (21) cache_min_ttl parameter to services_unbound_advanced.php; the (22) sshport parameter to system_advanced_admin.php; the (23) id, (24) tunable, (25) descr, or (26) value parameter to system_advanced_sysctl.php; the (27) firmwareurl, (28) repositoryurl, or (29) branch parameter to system_firmware_settings.php; the (30) pfsyncpeerip, (31) synchronizetoip, (32) username, or (33) passwordfld parameter to system_hasync.php; the (34) maxmss parameter to vpn_ipsec_settings.php; the (35) ntp_server1, (36) ntp_server2, (37) wins_server1, or (38) wins_server2 parameter to vpn_openvpn_csc.php; or unspecified parameters to (39) load_balancer_relay_action.php, (40) load_balancer_relay_action_edit.php, (41) load_balancer_relay_protocol.php, or (42) load_balancer_relay_protocol_edit.php. | 2015-08-18 | 4.3 | CVE-2015-6510 CONFIRM |
| pfsense -- pfsense | Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php. | 2015-08-18 | 4.3 | CVE-2015-6511 CONFIRM |
| phpipam -- phpipam | Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php. | 2015-08-20 | 4.3 | CVE-2015-6529 BUGTRAQ MISC |
| phpliteadmin_project -- phpliteadmin | Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 allows remote attackers to hijack the authentication of users for requests that drop database tables via the droptable parameter to phpliteadmin.php. | 2015-08-18 | 6.8 | CVE-2015-6517 BUGTRAQ MISC |
| phpliteadmin_project -- phpliteadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) droptable parameter, or (3) table parameter to phpliteadmin.php. | 2015-08-18 | 4.3 | CVE-2015-6518 BUGTRAQ MISC |
| picketlink -- picketlink | The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion. | 2015-08-17 | 6.0 | CVE-2015-0277 CONFIRM CONFIRM REDHAT REDHAT REDHAT REDHAT |
| picketlink -- picketlink | The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types. | 2015-08-17 | 6.0 | CVE-2015-6254 CONFIRM CONFIRM REDHAT REDHAT REDHAT REDHAT |
| pimcore -- pimcore | Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility. | 2015-08-18 | 4.9 | CVE-2015-4425 MISC CONFIRM FULLDISC |
| portfolio_project -- portfolio | Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in wp-admin/options-general.php. | 2015-08-19 | 6.8 | CVE-2015-6523 CONFIRM FULLDISC |
| shipwire_api_project -- shipwire_api | The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page. | 2015-08-18 | 5.0 | CVE-2015-5498 MISC CONFIRM MLIST |
| splunk -- splunk | Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-08-18 | 4.3 | CVE-2015-6514 CONFIRM SECTRACK |
| splunk -- splunk | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header. | 2015-08-18 | 4.3 | CVE-2015-6515 CONFIRM SECTRACK |
| techsmith -- camtasia_relay | Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" permission to inject arbitrary web script or HTML via unspecified vectors related to the meta access tab. | 2015-08-18 | 4.3 | CVE-2015-5487 CONFIRM CONFIRM MISC MLIST |
| the_extensible_catalog_drupal_toolkit_project -- the_extensible_catalog_drupal_toolkit | Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request. | 2015-08-18 | 5.1 | CVE-2015-5508 MISC MLIST |
| theeventscalendar -- eventbrite_tickets | Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php. | 2015-08-18 | 4.3 | CVE-2015-5485 CONFIRM MISC FULLDISC MISC |
| theforeman -- foreman | Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate. | 2015-08-14 | 5.0 | CVE-2015-1816 CONFIRM CONFIRM REDHAT REDHAT CONFIRM |
| theforeman -- foreman | Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API. | 2015-08-14 | 4.0 | CVE-2015-1844 CONFIRM MISC CONFIRM REDHAT REDHAT CONFIRM |
| theforeman -- foreman | Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 2015-08-14 | 5.0 | CVE-2015-3155 CONFIRM CONFIRM CONFIRM REDHAT REDHAT CONFIRM |
| theforeman -- foreman | Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors. | 2015-08-14 | 6.0 | CVE-2015-3235 CONFIRM REDHAT REDHAT CONFIRM CONFIRM |
| video_consultation_project -- video_consultation | Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-08-18 | 4.3 | CVE-2015-5492 MISC MLIST |
| videolan -- vlc_media_player | Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info. | 2015-08-17 | 4.3 | CVE-2014-9743 BID MISC FULLDISC CONFIRM |
| views_bulk_operations_project -- views_bulk_operations | The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled. | 2015-08-18 | 4.9 | CVE-2015-5515 MISC CONFIRM MLIST |
| views_project -- views | The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors. | 2015-08-18 | 5.0 | CVE-2015-5490 MISC CONFIRM MISC MLIST CONFIRM |
| xmlsoft -- libxml | The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. | 2015-08-14 | 5.0 | CVE-2015-1819 CONFIRM REDHAT |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- iphone_os | The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog. | 2015-08-16 | 2.1 | CVE-2015-3756 CONFIRM APPLE |
| apple -- mac_os_x | Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane. | 2015-08-16 | 2.1 | CVE-2015-3757 CONFIRM APPLE |
| apple -- iphone_os | bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. | 2015-08-16 | 3.3 | CVE-2015-3778 CONFIRM CONFIRM APPLE APPLE |
| apple -- mac_os_x | The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets. | 2015-08-16 | 3.3 | CVE-2015-3787 CONFIRM APPLE |
| apple -- mac_os_x | The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. | 2015-08-16 | 2.1 | CVE-2015-5748 CONFIRM APPLE |
| dynamic_display_block_project -- dynamic_display_block | The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddblock" permission. | 2015-08-18 | 3.5 | CVE-2015-5491 CONFIRM MISC MLIST |
| emc -- rsa_bsafe | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allow remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero, a similar issue to CVE-2015-1787. | 2015-08-20 | 2.6 | CVE-2015-0536 BUGTRAQ |
| emc -- documentum_content_server | EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file. | 2015-08-20 | 3.5 | CVE-2015-4536 BUGTRAQ |
| microsoft -- windows_7 | Object Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels during interaction with object symbolic links that originated in a sandboxed process, which allows local users to gain privileges via a crafted application, aka "Windows Object Manager Elevation of Privilege Vulnerability." | 2015-08-14 | 2.1 | CVE-2015-2428 MS |
| microsoft -- windows_10 | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypass Vulnerability." | 2015-08-14 | 2.1 | CVE-2015-2433 MS |
| microsoft -- windows_7 | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows KMD Security Feature Bypass Vulnerability." | 2015-08-14 | 2.1 | CVE-2015-2454 MS |
| microsoft -- windows_10 | The Windows shell in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Shell Security Feature Bypass Vulnerability." | 2015-08-14 | 2.1 | CVE-2015-2465 MS |
| microsoft -- windows_7 | The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "WebDAV Client Information Disclosure Vulnerability." | 2015-08-14 | 2.6 | CVE-2015-2476 MS |
| migrate_project -- migrate | Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label. | 2015-08-18 | 2.6 | CVE-2015-5514 MISC CONFIRM MLIST |
| mobile_sliding_menu_project -- mobile_sliding_menu | Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer menu" permission to inject arbitrary web script or HTML via unspecified vectors. | 2015-08-18 | 2.1 | CVE-2015-5495 MISC CONFIRM MLIST |
| mozilla -- firefox | Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update. | 2015-08-15 | 3.3 | CVE-2015-4481 CONFIRM CONFIRM |
| navigate_project -- navigate | Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | 2015-08-18 | 3.5 | CVE-2015-5500 MISC MLIST |
| niif -- shibboleth_authentication | Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login link. | 2015-08-18 | 2.1 | CVE-2015-5513 MISC CONFIRM CONFIRM MLIST |
| openstack -- glance | The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image. | 2015-08-19 | 3.5 | CVE-2015-5163 CONFIRM REDHAT MLIST |
| smart_trim_project -- smart_trim | Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form. | 2015-08-18 | 3.5 | CVE-2015-5489 MISC CONFIRM MLIST |
| thinkshout -- mailchimp | Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp" permission to inject arbitrary web script or HTML via unspecified vectors. | 2015-08-18 | 2.1 | CVE-2015-5488 MISC CONFIRM MLIST |
| web_links_project -- web_links | Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | 2015-08-18 | 3.5 | CVE-2015-5497 MISC CONFIRM CONFIRM MLIST |
| webform_matrix_component_project -- webform_matrix_component | Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | 2015-08-18 | 3.5 | CVE-2015-5494 MISC CONFIRM MLIST |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.