SB15-306: Vulnerability Summary for the Week of October 26, 2015

Title: SB15-306: Vulnerability Summary for the Week of October 26, 2015

NCCIC / US-CERT

National Cyber Awareness System:

11/02/2015 06:56 AM EST

Original release date: November 02, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
adobe -- shockwave_player	Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.	2015年10月28日	10.0	CVE-2015-7649 CONFIRM
apple -- mac_os_x	The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing.	2015年10月23日	7.2	CVE-2015-5932 CONFIRM APPLE
apple -- mac_os_x	The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters.	2015年10月23日	7.2	CVE-2015-5945 CONFIRM APPLE
apple -- iphone_os	IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	2015年10月23日	9.3	CVE-2015-6974 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
apple -- iphone_os	Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors.	2015年10月23日	8.8	CVE-2015-6983 CONFIRM CONFIRM APPLE APPLE
apple -- mac_os_x	libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack.	2015年10月23日	8.8	CVE-2015-6984 CONFIRM APPLE
apple -- iphone_os	The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.	2015年10月23日	10.0	CVE-2015-6988 CONFIRM CONFIRM APPLE APPLE
apple -- iphone_os	The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.	2015年10月23日	7.1	CVE-2015-6994 CONFIRM CONFIRM APPLE APPLE
apple -- mac_os_x	Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.	2015年10月23日	7.5	CVE-2015-7007 CONFIRM APPLE
apple -- mac_os_x	The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app.	2015年10月23日	7.6	CVE-2015-7016 CONFIRM APPLE
apple -- mac_os_x	The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors.	2015年10月23日	7.2	CVE-2015-7021 CONFIRM APPLE
cisco -- adaptive_security_appliance_software	The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) software 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(2) allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug IDs CSCus56252 and CSCus57142.	2015年10月24日	7.1	CVE-2015-6324 CISCO
cisco -- adaptive_security_appliance_software	Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.4), 9.2 before 9.2(4), 9.3 before 9.3(3.1), and 9.4 before 9.4(1.1) allows remote attackers to cause a denial of service (device reload) via a crafted DNS response, aka Bug ID CSCut03495.	2015年10月24日	7.1	CVE-2015-6325 CISCO
cisco -- adaptive_security_appliance_software	Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(1.5) allows remote attackers to cause a denial of service (device reload) via a crafted DNS response, aka Bug ID CSCuu07799.	2015年10月24日	7.8	CVE-2015-6326 CISCO
cisco -- adaptive_security_appliance_software	The IKEv1 implementation in Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.8), 9.2 before 9.2(4), and 9.3 before 9.3(3) allows remote attackers to cause a denial of service (device reload) via crafted ISAKMP UDP packets, aka Bug ID CSCus94026.	2015年10月24日	7.8	CVE-2015-6327 CISCO
cisco -- firesight_system_software	The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839.	2015年10月24日	9.0	CVE-2015-6335 CISCO
fedoraproject -- 389_directory_server	389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.	2015年10月29日	7.5	CVE-2015-3230 CONFIRM CONFIRM CONFIRM FEDORA
ibm -- general_parallel_file_system	IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors.	2015年10月25日	7.2	CVE-2015-4974 CONFIRM
ibm -- domino	Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-5040.	2015年10月29日	7.5	CVE-2015-4994 CONFIRM
ibm -- cognos_disclosure_management	IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation.	2015年10月25日	9.3	CVE-2015-5014 CONFIRM
ibm -- domino	Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994.	2015年10月29日	7.5	CVE-2015-5040 CONFIRM
ininet_solutions -- scada_web_server	Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request.	2015年10月24日	10.0	CVE-2015-1001 MISC
janitza -- umg_508	The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21.	2015年10月28日	7.5	CVE-2015-3968 MISC
janitza -- umg_508	The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239.	2015年10月28日	7.5	CVE-2015-3971 MISC
janitza -- umg_508	The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack.	2015年10月28日	10.0	CVE-2015-3972 MISC
joomla -- joomla!	SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.	2015年10月29日	7.5	CVE-2015-7297 MISC SECTRACK CONFIRM
joomla -- joomla!	SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.	2015年10月29日	7.5	CVE-2015-7857 MISC SECTRACK CONFIRM
joomla -- joomla!	SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.	2015年10月29日	7.5	CVE-2015-7858 MISC SECTRACK CONFIRM
medicomp -- medcin_engine	The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226 might allow remote attackers to execute arbitrary code or cause a denial of service (integer truncation and heap-based buffer overflow) via a crafted packet on port 8190.	2015年10月29日	7.5	CVE-2015-6006 CERT-VN MISC
owncloud -- owncloud	Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.	2015年10月26日	7.5	CVE-2015-6500 MISC CONFIRM
owncloud -- owncloud	The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."	2015年10月26日	9.0	CVE-2015-7699 CONFIRM CONFIRM DEBIAN
rockwellautomation -- micrologix_1100_firmware	Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors.	2015年10月28日	10.0	CVE-2015-6490 MISC
rockwellautomation -- micrologix_1100_firmware	Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request.	2015年10月28日	7.8	CVE-2015-6492 MISC
sap -- hana	The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.	2015年10月27日	7.5	CVE-2015-7986 MISC MISC
techno_project_japan -- enisys_gw	SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.	2015年10月29日	7.5	CVE-2015-5668 CONFIRM JVNDB JVN

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
3s-smart_software_solutions -- codesys_gateway_server	3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted (1) GET or (2) POST request.	2015年10月24日	5.0	CVE-2015-6484 MISC
afnetworking_project -- afnetworking	The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.	2015年10月27日	4.3	CVE-2015-3996 CONFIRM CONFIRM CONFIRM BID
apache -- httpclient	http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.	2015年10月27日	4.3	CVE-2015-5262 CONFIRM CONFIRM UBUNTU SECTRACK CONFIRM FEDORA FEDORA FEDORA
apple -- iphone_os	The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.	2015年10月23日	6.8	CVE-2015-5924 CONFIRM CONFIRM APPLE APPLE
apple -- iphone_os	The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926.	2015年10月23日	6.8	CVE-2015-5925 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
apple -- iphone_os	The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925.	2015年10月23日	6.8	CVE-2015-5926 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
apple -- iphone_os	FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942.	2015年10月23日	6.8	CVE-2015-5927 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015年10月21日-1, APPLE-SA-2015年10月21日-3, and APPLE-SA-2015年10月21日-5.	2015年10月23日	6.8	CVE-2015-5928 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015年10月21日-1, APPLE-SA-2015年10月21日-3, and APPLE-SA-2015年10月21日-5.	2015年10月23日	6.8	CVE-2015-5929 APPLE CONFIRM CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015年10月21日-1, APPLE-SA-2015年10月21日-3, and APPLE-SA-2015年10月21日-5.	2015年10月23日	6.8	CVE-2015-5930 APPLE CONFIRM CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015年10月21日-3 and APPLE-SA-2015年10月21日-5.	2015年10月23日	6.8	CVE-2015-5931 CONFIRM CONFIRM APPLE APPLE
apple -- mac_os_x	Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5934.	2015年10月23日	6.8	CVE-2015-5933 CONFIRM APPLE
apple -- mac_os_x	Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5933.	2015年10月23日	6.8	CVE-2015-5934 CONFIRM APPLE
apple -- iphone_os	ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939.	2015年10月23日	6.8	CVE-2015-5935 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
apple -- iphone_os	ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5937, and CVE-2015-5939.	2015年10月23日	6.8	CVE-2015-5936 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
apple -- iphone_os	ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5939.	2015年10月23日	6.8	CVE-2015-5937 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
apple -- mac_os_x	ImageIO in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image.	2015年10月23日	6.8	CVE-2015-5938 CONFIRM APPLE
apple -- iphone_os	ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5937.	2015年10月23日	6.8	CVE-2015-5939 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
apple -- iphone_os	The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.	2015年10月23日	6.8	CVE-2015-5940 CONFIRM CONFIRM APPLE APPLE
apple -- iphone_os	FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927.	2015年10月23日	6.8	CVE-2015-5942 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
apple -- mac_os_x	SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic clicks from reaching keychain windows, which allows attackers to bypass intended access restrictions via a crafted app.	2015年10月23日	4.3	CVE-2015-5943 CONFIRM APPLE
apple -- mac_os_x	CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.	2015年10月23日	6.8	CVE-2015-5944 CONFIRM APPLE
apple -- iphone_os	FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.	2015年10月23日	6.8	CVE-2015-6976 CONFIRM CONFIRM APPLE APPLE
apple -- iphone_os	FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.	2015年10月23日	6.8	CVE-2015-6977 CONFIRM CONFIRM APPLE APPLE
apple -- iphone_os	FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.	2015年10月23日	6.8	CVE-2015-6978 CONFIRM CONFIRM APPLE APPLE
apple -- mac_os_x	Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web page.	2015年10月23日	6.8	CVE-2015-6985 CONFIRM APPLE
apple -- iphone_os	Grand Central Dispatch in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted package that is mishandled during dispatch calls.	2015年10月23日	6.8	CVE-2015-6989 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
apple -- iphone_os	FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.	2015年10月23日	6.8	CVE-2015-6990 CONFIRM CONFIRM APPLE APPLE
apple -- iphone_os	FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.	2015年10月23日	6.8	CVE-2015-6991 CONFIRM CONFIRM APPLE APPLE
apple -- iphone_os	FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.	2015年10月23日	6.8	CVE-2015-6993 CONFIRM CONFIRM APPLE APPLE
apple -- iphone_os	The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.	2015年10月23日	6.8	CVE-2015-6995 CONFIRM CONFIRM APPLE APPLE
apple -- iphone_os	IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.	2015年10月23日	6.8	CVE-2015-6996 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015年10月21日-1, APPLE-SA-2015年10月21日-3, and APPLE-SA-2015年10月21日-5.	2015年10月23日	6.8	CVE-2015-7002 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
apple -- mac_os_x	coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app.	2015年10月23日	6.8	CVE-2015-7003 CONFIRM APPLE
apple -- iphone_os	Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive.	2015年10月23日	6.8	CVE-2015-7006 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
apple -- iphone_os	FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.	2015年10月23日	6.8	CVE-2015-7008 CONFIRM CONFIRM APPLE APPLE
apple -- iphone_os	FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7010, and CVE-2015-7018.	2015年10月23日	6.8	CVE-2015-7009 CONFIRM CONFIRM APPLE APPLE
apple -- iphone_os	FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7018.	2015年10月23日	6.8	CVE-2015-7010 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015年10月21日-3 and APPLE-SA-2015年10月21日-5.	2015年10月23日	6.8	CVE-2015-7011 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015年10月21日-1, APPLE-SA-2015年10月21日-3, and APPLE-SA-2015年10月21日-5.	2015年10月23日	6.8	CVE-2015-7012 APPLE CONFIRM CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015年10月21日-3 and APPLE-SA-2015年10月21日-5.	2015年10月23日	6.8	CVE-2015-7013 CONFIRM CONFIRM APPLE APPLE
apple -- itunes	WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015年10月21日-1, APPLE-SA-2015年10月21日-3, and APPLE-SA-2015年10月21日-5.	2015年10月23日	6.8	CVE-2015-7014 APPLE CONFIRM CONFIRM CONFIRM APPLE APPLE
apple -- iphone_os	Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client.	2015年10月23日	6.8	CVE-2015-7015 CONFIRM CONFIRM CONFIRM APPLE APPLE APPLE
apple -- iphone_os	FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7010.	2015年10月23日	6.8	CVE-2015-7018 CONFIRM CONFIRM APPLE APPLE
apple -- mac_os_x	The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7020.	2015年10月23日	5.6	CVE-2015-7019 CONFIRM APPLE
apple -- mac_os_x	The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7019.	2015年10月23日	5.6	CVE-2015-7020 CONFIRM APPLE
apple -- iphone_os	CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.	2015年10月23日	5.8	CVE-2015-7023 CONFIRM CONFIRM APPLE APPLE
cisco -- asr_5000_software	The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCuv63280.	2015年10月26日	5.0	CVE-2015-6340 CISCO
cisco -- wireless_lan_controller_software	The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610.	2015年10月24日	5.0	CVE-2015-6341 CISCO
cisco -- asa_cx_context-aware_security_software	The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105.	2015年10月30日	4.0	CVE-2015-6344 CISCO
cisco -- secure_access_control_server	SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.	2015年10月30日	6.5	CVE-2015-6345 CISCO
cisco -- secure_access_control_server	Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.	2015年10月30日	4.3	CVE-2015-6346 CISCO
cisco -- secure_access_control_server	The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.	2015年10月30日	4.0	CVE-2015-6347 CISCO
cisco -- secure_access_control_server	The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.	2015年10月30日	4.0	CVE-2015-6348 CISCO
cisco -- secure_access_control_server	Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.	2015年10月30日	4.3	CVE-2015-6349 CISCO
cisco -- prime_service_catalog	SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843.	2015年10月30日	6.5	CVE-2015-6350 CISCO
cisco -- asr_5000_software	Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781.	2015年10月30日	5.0	CVE-2015-6351 CISCO
cisco -- hosted_collaboration_solution	Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891.	2015年10月30日	4.3	CVE-2015-6352 CISCO
digia -- qt	ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.	2015年10月26日	5.1	CVE-2015-7298 CONFIRM
epson -- network_utility	EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file.	2015年10月28日	6.9	CVE-2015-6034 CERT-VN CONFIRM
fedoraproject -- sssd	Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.	2015年10月29日	6.8	CVE-2015-5292 CONFIRM CONFIRM CONFIRM MLIST FEDORA
gnome -- gdk-pixbuf	io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.	2015年10月26日	6.8	CVE-2015-7673 UBUNTU CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM
gnome -- gdk-pixbuf	Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.	2015年10月26日	6.8	CVE-2015-7674 UBUNTU CONFIRM MLIST MLIST MLIST MLIST CONFIRM
ibm -- websphere_portal	IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information.	2015年10月28日	5.0	CVE-2014-8912 CONFIRM AIXAPAR
ibm -- websphere_portal	IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request.	2015年10月29日	6.8	CVE-2015-4997 CONFIRM AIXAPAR
infinite_automation_systems -- mango_automation	Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.	2015年10月28日	6.8	CVE-2015-6493 MISC
infinite_automation_systems -- mango_automation	Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.	2015年10月28日	4.3	CVE-2015-7900 MISC
infinite_automation_systems -- mango_automation	Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.	2015年10月28日	6.5	CVE-2015-7901 MISC
infinite_automation_systems -- mango_automation	Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.	2015年10月28日	5.0	CVE-2015-7902 MISC
infinite_automation_systems -- mango_automation	SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.	2015年10月28日	6.5	CVE-2015-7903 MISC
infinite_automation_systems -- mango_automation	Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.	2015年10月28日	6.5	CVE-2015-7904 MISC
ininet_solutions -- scada_web_server	IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string.	2015年10月24日	6.4	CVE-2015-1002 MISC
ininet_solutions -- scada_web_server	Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname.	2015年10月24日	5.0	CVE-2015-1003 MISC
janitza -- umg_508	Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remote attackers to hijack the authentication of arbitrary users.	2015年10月28日	6.8	CVE-2015-3967 MISC
janitza -- umg_508	Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235.	2015年10月28日	5.0	CVE-2015-3969 MISC
janitza -- umg_508	Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015年10月28日	4.3	CVE-2015-3970 MISC
janitza -- umg_508	Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it easier for remote attackers to determine a PIN value via unspecified computations on session-token values.	2015年10月28日	5.0	CVE-2015-3973 MISC
joomla -- joomla!	The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.	2015年10月29日	5.0	CVE-2015-7859 SECTRACK CONFIRM
joomla -- joomla!	The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.	2015年10月29日	5.0	CVE-2015-7899 SECTRACK CONFIRM
kallithea -- kallithea	CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.	2015年10月29日	5.0	CVE-2015-5285 CONFIRM EXPLOIT-DB MISC MISC
librsync_project -- librsync	librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.	2015年10月26日	5.8	CVE-2014-8242 CONFIRM CONFIRM MISC CONFIRM MLIST MLIST MLIST SUSE FEDORA FEDORA FEDORA
lockon -- ec-cube	Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.	2015年10月26日	5.1	CVE-2015-5665 CONFIRM CONFIRM JVNDB JVN
medicomp -- medcin_engine	Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the SetGroupSequenceEx na_setgroupsequenceex function, (2) the FormatDate julptostr function, and (3) the UserFindingCodes addtocl function.	2015年10月29日	6.8	CVE-2015-2898 CERT-VN MISC
medicomp -- medcin_engine	Heap-based buffer overflow in the QualifierList retrieve_qualifier_list function in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a long list name in a packet on port 8190.	2015年10月29日	6.8	CVE-2015-2899 CERT-VN MISC
medicomp -- medcin_engine	The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine before 2.22.20153.226 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted packet on port 8190.	2015年10月29日	6.8	CVE-2015-2900 CERT-VN MISC
medicomp -- medcin_engine	Multiple stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.20142.166 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the GetProperty info_getproperty function and (2) the GetProperty UdfCodeList function.	2015年10月29日	6.8	CVE-2015-2901 CERT-VN MISC
openstack -- compute	OpenStack Compute (nova) before 2014年2月4日 (juno) and 2015.1.x before 2015年1月2日 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.	2015年10月26日	6.8	CVE-2015-3280 CONFIRM CONFIRM REDHAT
openstack -- swift	OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.	2015年10月26日	5.0	CVE-2015-5223 CONFIRM CONFIRM CONFIRM MLIST REDHAT
openstack -- image_registry_and_delivery_service_(glance)	OpenStack Image Service (Glance) before 2014年2月4日 (juno) and 2015.1.x before 2015年1月2日 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.	2015年10月26日	5.5	CVE-2015-5251 CONFIRM CONFIRM REDHAT
openstack -- image_registry_and_delivery_service_(glance)	OpenStack Image Service (Glance) before 2014年2月4日 (juno) and 2015.1.x before 2015年1月2日 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.	2015年10月26日	6.8	CVE-2015-5286 CONFIRM CONFIRM REDHAT
openstack -- compute	OpenStack Compute (Nova) before 2014年2月4日 (juno) and 2015.1.x before 2015年1月2日 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.	2015年10月29日	5.0	CVE-2015-7713 CONFIRM CONFIRM CONFIRM
owncloud -- owncloud	ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers.	2015年10月29日	5.0	CVE-2015-5955 CONFIRM
owncloud -- owncloud	ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.	2015年10月26日	4.0	CVE-2015-6670 CONFIRM
phpmyadmin -- phpmyadmin	The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.	2015年10月28日	5.0	CVE-2015-7873 CONFIRM CONFIRM
polkit_project -- polkit	The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.	2015年10月26日	4.6	CVE-2015-3255 CONFIRM CONFIRM SUSE MLIST
polkit_project -- polkit	PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "_javascript_ rule evaluation."	2015年10月26日	4.6	CVE-2015-3256 CONFIRM SUSE MLIST
polkit_project -- polkit	Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.	2015年10月26日	4.6	CVE-2015-4625 BID MLIST MLIST MLIST SUSE MLIST MLIST MLIST FEDORA FEDORA
postgresql -- postgresql	The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.	2015年10月26日	6.4	CVE-2015-5288 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM FEDORA
postgresql -- postgresql	Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.	2015年10月26日	6.4	CVE-2015-5289 SECTRACK CONFIRM CONFIRM CONFIRM FEDORA CONFIRM
redhat -- jboss_enterprise_application_platform	The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.	2015年10月27日	4.3	CVE-2015-5178 CONFIRM SECTRACK REDHAT REDHAT REDHAT REDHAT REDHAT
redhat -- jboss_enterprise_application_platform	Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission.	2015年10月27日	6.8	CVE-2015-5188 CONFIRM CONFIRM SECTRACK REDHAT REDHAT REDHAT REDHAT REDHAT
redhat -- jboss_enterprise_application_platform	The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header.	2015年10月27日	5.0	CVE-2015-5220 CONFIRM SECTRACK REDHAT REDHAT REDHAT REDHAT REDHAT
rockwellautomation -- micrologix_1100_firmware	SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.	2015年10月28日	6.5	CVE-2015-6486 MISC
rockwellautomation -- micrologix_1100_firmware	Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015年10月28日	4.3	CVE-2015-6488 MISC
rockwellautomation -- micrologix_1100_firmware	Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors.	2015年10月28日	4.0	CVE-2015-6491 MISC
techno_project_japan -- enisys_gw	Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors.	2015年10月29日	6.5	CVE-2015-5669 CONFIRM JVNDB JVN
techno_project_japan -- enisys_gw	Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015年10月29日	4.3	CVE-2015-5670 CONFIRM JVNDB JVN
techno_project_japan -- enisys_gw	Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors.	2015年10月29日	5.0	CVE-2015-5671 CONFIRM JVNDB JVN
tibco -- spotfire_analytics_platform_for_aws	Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL.	2015年10月28日	4.0	CVE-2015-5712 CONFIRM CONFIRM
tibco -- spotfire_analytics_platform_for_aws	Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL.	2015年10月28日	5.0	CVE-2015-5713 CONFIRM CONFIRM

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
apple -- mac_os_x	The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder.	2015年10月23日	2.1	CVE-2015-6987 CONFIRM APPLE
colorbox_project -- colorbox	The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment.	2015年10月26日	3.5	CVE-2015-7881 MISC CONFIRM
ibm -- general_parallel_file_system	IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via unspecified vectors.	2015年10月25日	2.1	CVE-2015-4981 CONFIRM
ibm -- integration_bus	IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command.	2015年10月25日	3.2	CVE-2015-5011 AIXAPAR CONFIRM
infinite_automation_systems -- mango_automation	Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	2015年10月28日	3.5	CVE-2015-6494 MISC
ininet_solutions -- scada_web_server	IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.	2015年10月24日	2.1	CVE-2015-1005 MISC
numara -- asset_manager	HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors.	2015年10月25日	2.1	CVE-2015-5448 HP
openstack -- neutron	Race condition in OpenStack Neutron before 2014年2月4日 and 2015.1 before 2015年1月2日, when using the ML2 plugin or the security groups AMQP API, allows authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.	2015年10月27日	3.5	CVE-2015-5240 CONFIRM CONFIRM CONFIRM MLIST REDHAT
owncloud -- owncloud_desktop_client	ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.	2015年10月26日	2.6	CVE-2015-4456 CONFIRM CONFIRM
polkit_project -- polkit	The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.	2015年10月26日	2.1	CVE-2015-3218 BID SUSE MLIST MLIST MLIST FEDORA FEDORA
siemens -- ruggedcom_rugged_operating_system	Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame.	2015年10月28日	3.3	CVE-2015-7836 MISC CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.

A copy of this publication is available at www.us-cert.gov. If you need help or have questions, please send an email to info@xxxxxxxxxxx. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT@xxxxxxxxxxxxxxxx to your address book.

OTHER RESOURCES:

STAY CONNECTED:

SUBSCRIBER SERVICES:
Manage Preferences | Unsubscribe | Help

This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (888) 282-0870 Powered by GovDelivery