TLP:WHITE

Bulletin (SB15-355)

Vulnerability Summary for the Week of December 14, 2015

Original release date: December 21, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
accunetix -- web_vulnerability_scanner | The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan. | 2015-12-17 | 7.2 | CVE-2015-4027, EXPLOIT-DB, CONFIRM, MISC
apache -- commons_collections | Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 2015-12-15 | 7.5 | CVE-2015-6420, CISCO
apache -- tomee | The EjbObjectInputStream class in Apache TomEE allows remote attackers to execute arbitrary commands via a serialized Java stream. | 2015-12-16 | 7.5 | CVE-2015-8581, MISC, BID
bitrix -- mpbuilder | Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php. | 2015-12-16 | 9.0 | CVE-2015-8358, MISC, CONFIRM, BUGTRAQ, MISC
cacti -- cacti | SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. | 2015-12-17 | 7.5 | CVE-2015-8369, FULLDISC, MISC
cisco -- prime_collaboration_assurance | Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707. | 2015-12-12 | 9.0 | CVE-2015-6389, CISCO
cisco -- epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter | Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941. | 2015-12-13 | 7.5 | CVE-2015-6401, CISCO
cisco -- spa300_firmware | The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400. | 2015-12-15 | 7.2 | CVE-2015-6403, CISCO
cisco -- unified_computing_system | Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757. | 2015-12-12 | 7.1 | CVE-2015-6415, CISCO
cisco -- application_policy_infrastructure_controller | The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985. | 2015-12-18 | 7.2 | CVE-2015-6424, CISCO
cisco -- prime_network_services_controller | Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427. | 2015-12-18 | 7.2 | CVE-2015-6426, CISCO
cool_video_gallery_project -- cool_video_gallery | lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page. | 2015-12-17 | 7.5 | CVE-2015-7527, MISC, MISC, MISC, BUGTRAQ, MLIST, MISC
gnu -- glibc | The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. | 2015-12-17 | 7.2 | CVE-2015-5277, MLIST, CONFIRM, CONFIRM, SECTRACK, REDHAT
google -- chrome | The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | 2015-12-14 | 10.0 | CVE-2015-6788, CONFIRM, CONFIRM, CONFIRM
google -- chrome | Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion. | 2015-12-14 | 9.3 | CVE-2015-6789, CONFIRM, CONFIRM, CONFIRM
google -- chrome | Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2015-12-14 | 10.0 | CVE-2015-6791, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM
google -- chrome | Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478. | 2015-12-14 | 10.0 | CVE-2015-8548, CONFIRM
isc -- bind | Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors. | 2015-12-16 | 7.1 | CVE-2015-8461, CONFIRM
joomla -- joomla! | Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. | 2015-12-16 | 7.5 | CVE-2015-8562, CONFIRM, MISC, BID
joomla -- joomla! | Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive. | 2015-12-16 | 7.5 | CVE-2015-8564, CONFIRM
joomla -- joomla! | Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. | 2015-12-16 | 7.5 | CVE-2015-8565, CONFIRM
joomla -- session | The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values. | 2015-12-16 | 7.5 | CVE-2015-8566, CONFIRM, BID
lepide -- active_directory_self_service | The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request. | 2015-12-15 | 7.4 | CVE-2015-8570, MISC
linuxfoundation -- cups-filters | Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. | 2015-12-17 | 7.5 | CVE-2015-8327, MLIST, MLIST, CONFIRM, UBUNTU, UBUNTU, DEBIAN, CONFIRM, CONFIRM
mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-12-16 | 10.0 | CVE-2015-7201, CONFIRM, CONFIRM, CONFIRM, CONFIRM
mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-12-16 | 10.0 | CVE-2015-7202, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM
mozilla -- firefox | Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. | 2015-12-16 | 10.0 | CVE-2015-7203, CONFIRM, CONFIRM, CONFIRM
mozilla -- firefox | Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. | 2015-12-16 | 10.0 | CVE-2015-7205, CONFIRM, CONFIRM
mozilla -- firefox | Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. | 2015-12-16 | 7.5 | CVE-2015-7210, CONFIRM, CONFIRM
mozilla -- firefox | Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. | 2015-12-16 | 7.5 | CVE-2015-7212, CONFIRM, CONFIRM
mozilla -- firefox | Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. | 2015-12-16 | 10.0 | CVE-2015-7220, CONFIRM, CONFIRM, CONFIRM
mozilla -- firefox | Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. | 2015-12-16 | 10.0 | CVE-2015-7221, CONFIRM, CONFIRM, CONFIRM
sap -- mobile_platform | The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855. | 2015-12-17 | 7.5 | CVE-2015-8600, MISC, MISC
xen -- xen | Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors. | 2015-12-17 | 7.2 | CVE-2015-8338, CONFIRM
xen -- xen | The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. | 2015-12-17 | 7.8 | CVE-2015-8341, CONFIRM
xmlsoft -- libxml2 | The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. | 2015-12-15 | 7.1 | CVE-2015-5312, CONFIRM, CONFIRM, CONFIRM, UBUNTU, REDHAT, REDHAT

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- cordova_file_transfer | CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file. | 2015-12-17 | 4.3 | CVE-2015-5204, CONFIRM, BID
autodesk -- design_review | Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow. | 2015-12-15 | 6.8 | CVE-2015-8571, CONFIRM, MISC
autodesk -- design_review | Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file. | 2015-12-15 | 6.8 | CVE-2015-8572, CONFIRM, MISC, MISC, MISC, MISC, MISC
avg -- internet_security | AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | 2015-12-16 | 6.4 | CVE-2015-8578, MISC, MISC, MISC
bitrix -- xscan | Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php. | 2015-12-16 | 6.5 | CVE-2015-8357, MISC, CONFIRM, BUGTRAQ, MISC
cacti -- cacti | SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. | 2015-12-15 | 6.5 | CVE-2015-8377, FULLDISC
chat_room_project -- chat_room | The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors. | 2015-12-17 | 5.0 | CVE-2015-8601, MISC, CONFIRM
cisco -- unified_communications_manager | Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. | 2015-12-15 | 4.3 | CVE-2015-4206, CISCO
cisco -- ios | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217. | 2015-12-15 | 6.1 | CVE-2015-6359, CISCO
cisco -- dpc3939_wireless_residential_voice_gateway_firmware | The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw86170. | 2015-12-12 | 6.5 | CVE-2015-6361, CISCO
cisco -- dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter | Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943. | 2015-12-13 | 6.8 | CVE-2015-6378, CISCO
cisco -- prime_service_catalog | Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188. | 2015-12-12 | 6.5 | CVE-2015-6395, CISCO
cisco -- integrated_management_controller_supervisor | The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286. | 2015-12-15 | 6.8 | CVE-2015-6399, CISCO
cisco -- emergency_responder | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. | 2015-12-12 | 4.3 | CVE-2015-6400, CISCO
cisco -- epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter | Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935. | 2015-12-13 | 4.3 | CVE-2015-6402, CISCO
cisco -- hosted_collaboration_solution | Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374. | 2015-12-15 | 4.0 | CVE-2015-6404, CISCO
cisco -- emergency_responder | Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501. | 2015-12-12 | 6.8 | CVE-2015-6405, CISCO
cisco -- emergency_responder | Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. | 2015-12-12 | 4.0 | CVE-2015-6406, CISCO
cisco -- emergency_responder | Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501. | 2015-12-12 | 4.0 | CVE-2015-6407, CISCO
cisco -- unity_connection | Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. | 2015-12-12 | 6.8 | CVE-2015-6408, CISCO
cisco -- telepresence_video_communication_server_software | The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283. | 2015-12-13 | 4.0 | CVE-2015-6410, CISCO
cisco -- firepower_management_center | Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. | 2015-12-15 | 5.0 | CVE-2015-6411, CISCO
cisco -- telepresence_video_communication_server_software | Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651. | 2015-12-12 | 4.0 | CVE-2015-6413, CISCO
cisco -- unified_web_and_e-mail_interaction_manager | Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuw24479. | 2015-12-13 | 4.3 | CVE-2015-6416, CISCO
cisco -- videoscape_distribution_suite_service_managerCisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025.2015-12-126.5CVE-2015-6417
CISCO
cisco -- rv016_multi-wan_vpn_firmwareThe random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224.2015-12-124.3CVE-2015-6418
CISCO
cisco -- firesight_system_softwareCisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410.2015-12-126.8CVE-2015-6419
CISCO
cisco -- unified_communications_domain_managerThe self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981.2015-12-134.0CVE-2015-6422
CISCO
cisco -- unified_communications_managerThe WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.2015-12-165.0CVE-2015-6425
CISCO
cisco -- firesight_system_softwareCisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.2015-12-185.0CVE-2015-6427
CISCO

cisco -- dpq3925_8x4_docsis_3.0_wireless_residential_

gateway_with_embedded_digital_voice_adapter

Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958.2015-12-185.0CVE-2015-6428
CISCO
foxitsoftware -- phantompdfMultiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document.2015-12-166.8CVE-2015-8580
CONFIRM
MISC
MISC
gnu -- grub2Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.2015-12-166.9CVE-2015-8370
BUGTRAQ
MLIST
FEDORA
MISC
google -- chromeThe WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string.2015-12-144.3CVE-2015-6790
CONFIRM
CONFIRM
CONFIRM
ibm -- websphere_application_serverThe Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.2015-12-154.0CVE-2015-5004
CONFIRM
AIXAPAR
isc -- binddb.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.2015-12-165.0CVE-2015-8000
CONFIRM
joomla -- joomla!Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.2015-12-166.8CVE-2015-8563
CONFIRM
BID
kaspersky -- total_security_2015Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.2015-12-166.4CVE-2015-8579
MISC
MISC
mozilla -- firefoxMozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.2015-12-166.8CVE-2015-7204
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300.2015-12-165.0CVE-2015-7207
MISC
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.2015-12-165.0CVE-2015-7208
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.2015-12-165.0CVE-2015-7211
CONFIRM
CONFIRM
mozilla -- firefoxInteger overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.2015-12-166.8CVE-2015-7213
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.2015-12-165.0CVE-2015-7214
CONFIRM
CONFIRM
mozilla -- firefoxThe importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.2015-12-165.0CVE-2015-7215
MISC
MISC
MISC
CONFIRM
CONFIRM
mozilla -- firefoxThe gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image.2015-12-166.8CVE-2015-7216
CONFIRM
CONFIRM
mozilla -- firefoxThe gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image.2015-12-164.3CVE-2015-7217
CONFIRM
CONFIRM
mozilla -- firefoxThe HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation.2015-12-165.0CVE-2015-7218
CONFIRM
CONFIRM
mozilla -- firefoxThe HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation.2015-12-165.0CVE-2015-7219
CONFIRM
CONFIRM
mozilla -- firefoxInteger underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.2015-12-166.8CVE-2015-7222
CONFIRM
CONFIRM
mozilla -- firefoxThe WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.2015-12-164.0CVE-2015-7223
CONFIRM
CONFIRM
ntop -- ntopngntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.2015-12-176.0CVE-2015-8368
EXPLOIT-DB
FULLDISC
MISC
php -- phpThe phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.2015-12-116.8CVE-2015-7803
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
CONFIRM
php -- phpOff-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.2015-12-116.8CVE-2015-7804
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
CONFIRM
phpmailer_project -- phpmailerMultiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796.2015-12-165.0CVE-2015-8476
CONFIRM
CONFIRM
BID
MLIST
MLIST
DEBIAN
schneider-electric -- proclimaMultiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561.2015-12-156.8CVE-2015-7918
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
schneider-electric -- proclimaThe F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918.2015-12-156.8CVE-2015-8561
MISC
MISC
MISC
MISC
MISC
CONFIRM
synnefoims -- internet_management_softwareCross-site scripting (XSS) vulnerability in synnefoclient in Synnefo Internet Management Software (IMS) 2015 allows remote attackers to inject arbitrary web script or HTML via the plan_name parameter to packagehistory/listusagesdata.2015-12-154.3CVE-2015-8247
BUGTRAQ
FULLDISC
theforeman -- foreman | Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms. | 2015-12-17 | 4.3 | CVE-2015-7518
MLIST
CONFIRM
CONFIRM
xen -- xen | The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown. | 2015-12-17 | 4.7 | CVE-2015-8339
CONFIRM
CONFIRM
xen -- xen | The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. | 2015-12-17 | 4.7 | CVE-2015-8340
CONFIRM
CONFIRM
xmlsoft -- libxml2 | Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. | 2015-12-15 | 5.0 | CVE-2015-7497
CONFIRM
CONFIRM
CONFIRM
UBUNTU
REDHAT
REDHAT
xmlsoft -- libxml2 | Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. | 2015-12-15 | 5.0 | CVE-2015-7498
CONFIRM
CONFIRM
CONFIRM
UBUNTU
REDHAT
REDHAT
xmlsoft -- libxml2 | Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. | 2015-12-15 | 5.0 | CVE-2015-7499
CONFIRM
CONFIRM
CONFIRM
CONFIRM
UBUNTU
REDHAT
REDHAT
xmlsoft -- libxml2 | The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. | 2015-12-15 | 5.0 | CVE-2015-7500
CONFIRM
CONFIRM
CONFIRM
UBUNTU
REDHAT
REDHAT
xmlsoft -- libxml2 | The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | 2015-12-15 | 6.4 | CVE-2015-8241
CONFIRM
CONFIRM
CONFIRM
UBUNTU
MLIST
MLIST
REDHAT
REDHAT
xmlsoft -- libxml2 | The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | 2015-12-15 | 5.8 | CVE-2015-8242
CONFIRM
CONFIRM
CONFIRM
CONFIRM
UBUNTU
MLIST
MLIST
REDHAT
REDHAT
xmlsoft -- libxml2 | The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. | 2015-12-15 | 5.0 | CVE-2015-8317
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
UBUNTU
MLIST
MLIST
REDHAT

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- iphone_os | CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL. | 2015-12-11 | 2.6 | CVE-2015-7094
CONFIRM
CONFIRM
APPLE
APPLE
cisco -- telepresence_video_communication_server_software | Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516. | 2015-12-12 | 2.1 | CVE-2015-6414
CISCO
mcafee -- virusscan_enterprise | The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | 2015-12-16 | 2.6 | CVE-2015-8577
CONFIRM
MISC
MISC
redhat -- jboss_enterprise_application_platform | Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors. | 2015-12-16 | 3.5 | CVE-2015-5304
CONFIRM
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
symantec -- endpoint_encryption | EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump. | 2015-12-18 | 2.3 | CVE-2015-6556
CONFIRM
BID
token_insert_entity_project -- token_insert_entity | The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node. | 2015-12-17 | 3.5 | CVE-2015-8602
MISC
CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.
