Vulnerability Summary for the Week of December 14, 2015

Please Note:

• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.

• The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.

• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

The Primary Vendor -- Product | Description | Date Published | CVSS Score | The CVE Identity

accunetix -- web_vulnerability_scanner | The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan. | 2015-12-17 | 7.2 | CVE-2015-4027 (EXPLOIT-DB, CONFIRM, MISC)

apache -- commons_collections | Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 2015-12-15 | 7.5 | CVE-2015-6420 (CISCO)

apache -- tomee | The EjbObjectInputStream class in Apache TomEE allows remote attackers to execute arbitrary commands via a serialized Java stream. | 2015-12-16 | 7.5 | CVE-2015-8581 (MISC, BID)

bitrix -- mpbuilder | Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php. | 2015-12-16 | 9.0 | CVE-2015-8358 (MISC, CONFIRM, BUGTRAQ, MISC)

cacti -- cacti | SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. | 2015-12-17 | 7.5 | CVE-2015-8369 (FULLDISC, MISC)

cisco -- prime_collaboration_assurance | Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707. | 2015-12-12 | 9.0 | CVE-2015-6389 (CISCO)

cisco -- epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter | Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941. | 2015-12-13 | 7.5 | CVE-2015-6401 (CISCO)

cisco -- spa300_firmware | The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400. | 2015-12-15 | 7.2 | CVE-2015-6403 (CISCO)

cisco -- unified_computing_system | Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757. | 2015-12-12 | 7.1 | CVE-2015-6415 (CISCO)

cisco -- application_policy_infrastructure_controller | The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985. | 2015-12-18 | 7.2 | CVE-2015-6424 (CISCO)

cisco -- prime_network_services_controller | Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427. | 2015-12-18 | 7.2 | CVE-2015-6426 (CISCO)

cool_video_gallery_project -- cool_video_gallery | lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page. | 2015-12-17 | 7.5 | CVE-2015-7527 (MISC, MISC, MISC, BUGTRAQ, MLIST, MISC)

gnu -- glibc | The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. | 2015-12-17 | 7.2 | CVE-2015-5277 (MLIST, CONFIRM, CONFIRM, SECTRACK, REDHAT)

google -- chrome | The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | 2015-12-14 | 10.0 | CVE-2015-6788 (CONFIRM, CONFIRM, CONFIRM)

google -- chrome | Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion. | 2015-12-14 | 9.3 | CVE-2015-6789 (CONFIRM, CONFIRM, CONFIRM)

google -- chrome | Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2015-12-14 | 10.0 | CVE-2015-6791 (CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM)

google -- chrome | Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478. | 2015-12-14 | 10.0 | CVE-2015-8548 (CONFIRM)

isc -- bind | Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors. | 2015-12-16 | 7.1 | CVE-2015-8461 (CONFIRM)

joomla -- joomla! | Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. | 2015-12-16 | 7.5 | CVE-2015-8562 (CONFIRM, MISC, BID)

joomla -- joomla! | Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive. | 2015-12-16 | 7.5 | CVE-2015-8564 (CONFIRM)

joomla -- joomla! | Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. | 2015-12-16 | 7.5 | CVE-2015-8565 (CONFIRM)

joomla -- session | The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values. | 2015-12-16 | 7.5 | CVE-2015-8566 (CONFIRM, BID)

lepide -- active_directory_self_service | The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request. | 2015-12-15 | 7.4 | CVE-2015-8570 (MISC)

linuxfoundation -- cups-filters | Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. | 2015-12-17 | 7.5 | CVE-2015-8327 (MLIST, MLIST, CONFIRM, UBUNTU, UBUNTU, DEBIAN, CONFIRM, CONFIRM)

mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-12-16 | 10.0 | CVE-2015-7201 (CONFIRM, CONFIRM, CONFIRM, CONFIRM)

mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-12-16 | 10.0 | CVE-2015-7202 (CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM)

mozilla -- firefox | Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. | 2015-12-16 | 10.0 | CVE-2015-7203 (CONFIRM, CONFIRM, CONFIRM)

mozilla -- firefox | Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. | 2015-12-16 | 10.0 | CVE-2015-7205 (CONFIRM, CONFIRM)

mozilla -- firefox | Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. | 2015-12-16 | 7.5 | CVE-2015-7210 (CONFIRM, CONFIRM)

mozilla -- firefox | Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. | 2015-12-16 | 7.5 | CVE-2015-7212 (CONFIRM, CONFIRM)

mozilla -- firefox | Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. | 2015-12-16 | 10.0 | CVE-2015-7220 (CONFIRM, CONFIRM, CONFIRM)

mozilla -- firefox | Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. | 2015-12-16 | 10.0 | CVE-2015-7221 (CONFIRM, CONFIRM, CONFIRM)

sap -- mobile_platform | The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855. | 2015-12-17 | 7.5 | CVE-2015-8600 (MISC, MISC)

xen -- xen | Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors. | 2015-12-17 | 7.2 | CVE-2015-8338 (CONFIRM)

xen -- xen | The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. | 2015-12-17 | 7.8 | CVE-2015-8341 (CONFIRM)

xmlsoft -- libxml2 | The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. | 2015-12-15 | 7.1 | CVE-2015-5312 (CONFIRM, CONFIRM, CONFIRM, UBUNTU, REDHAT, REDHAT)

Medium Severity Vulnerabilities

The Primary Vendor -- Product | Description | Date Published | CVSS Score | The CVE Identity

apache -- cordova_file_transfer | CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file. | 2015-12-17 | 4.3 | CVE-2015-5204 (CONFIRM, BID)

autodesk -- design_review | Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow. | 2015-12-15 | 6.8 | CVE-2015-8571 (CONFIRM, MISC)

autodesk -- design_review | Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file. | 2015-12-15 | 6.8 | CVE-2015-8572 (CONFIRM, MISC, MISC, MISC, MISC, MISC)

avg -- internet_security | AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | 2015-12-16 | 6.4 | CVE-2015-8578 (MISC, MISC, MISC)

bitrix -- xscan | Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php. | 2015-12-16 | 6.5 | CVE-2015-8357 (MISC, CONFIRM, BUGTRAQ, MISC)

cacti -- cacti | SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. | 2015-12-15 | 6.5 | CVE-2015-8377 (FULLDISC)

chat_room_project -- chat_room | The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors. | 2015-12-17 | 5.0 | CVE-2015-8601 (MISC, CONFIRM)

cisco -- unified_communications_manager | Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. | 2015-12-15 | 4.3 | CVE-2015-4206 (CISCO)

cisco -- ios | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217. | 2015-12-15 | 6.1 | CVE-2015-6359 (CISCO)

cisco -- dpc3939_wireless_residential_voice_gateway_firmware | The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw86170. | 2015-12-12 | 6.5 | CVE-2015-6361 (CISCO)

cisco -- dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter | Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943. | 2015-12-13 | 6.8 | CVE-2015-6378 (CISCO)

cisco -- prime_service_catalog | Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188. | 2015-12-12 | 6.5 | CVE-2015-6395 (CISCO)

cisco -- integrated_management_controller_supervisor | The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286. | 2015-12-15 | 6.8 | CVE-2015-6399 (CISCO)

cisco -- emergency_responder | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. | 2015-12-12 | 4.3 | CVE-2015-6400 (CISCO)

cisco -- epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter | Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935. | 2015-12-13 | 4.3 | CVE-2015-6402 (CISCO)

cisco -- hosted_collaboration_solution | Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374. | 2015-12-15 | 4.0 | CVE-2015-6404 (CISCO)

cisco -- emergency_responder | Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501. | 2015-12-12 | 6.8 | CVE-2015-6405 (CISCO)

cisco -- emergency_responder | Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. | 2015-12-12 | 4.0 | CVE-2015-6406 (CISCO)

cisco -- emergency_responder | Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501. | 2015-12-12 | 4.0 | CVE-2015-6407 (CISCO)

cisco -- unity_connection | Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. | 2015-12-12 | 6.8 | CVE-2015-6408 (CISCO)

cisco -- telepresence_video_communication_server_software | The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283. | 2015-12-13 | 4.0 | CVE-2015-6410 (CISCO)

cisco -- firepower_management_center | Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. | 2015-12-15 | 5.0 | CVE-2015-6411 (CISCO)

cisco -- telepresence_video_communication_server_software | Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651. | 2015-12-12 | 4.0 | CVE-2015-6413 (CISCO)

cisco -- unified_web_and_e-mail_interaction_manager | Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuw24479. | 2015-12-13 | 4.3 | CVE-2015-6416 (CISCO)

cisco -- videoscape_distribution_suite_service_manager | Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025. | 2015-12-12 | 6.5 | CVE-2015-6417 (CISCO)

cisco -- rv016_multi-wan_vpn_firmware | The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224. | 2015-12-12 | 4.3 | CVE-2015-6418 (CISCO)

cisco -- firesight_system_software | Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. | 2015-12-12 | 6.8 | CVE-2015-6419 (CISCO)

cisco -- unified_communications_domain_manager | The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981. | 2015-12-13 | 4.0 | CVE-2015-6422 (CISCO)

cisco -- unified_communications_manager | The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. | 2015-12-16 | 5.0 | CVE-2015-6425 (CISCO)

cisco -- firesight_system_software | Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437. | 2015-12-18 | 5.0 | CVE-2015-6427 (CISCO)

cisco -- dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter | Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958. | 2015-12-18 | 5.0 | CVE-2015-6428 (CISCO)

foxitsoftware -- phantompdf | Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document. | 2015-12-16 | 6.8 | CVE-2015-8580 (CONFIRM, MISC, MISC)

gnu -- grub2 | Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error. | 2015-12-16 | 6.9 | CVE-2015-8370 (BUGTRAQ, MLIST, FEDORA, MISC)

google -- chrome | The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string. | 2015-12-14 | 4.3 | CVE-2015-6790 (CONFIRM, CONFIRM, CONFIRM)

ibm -- websphere_application_server | The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2015-12-15 | 4.0 | CVE-2015-5004 (CONFIRM, AIXAPAR)

isc -- bind | db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. | 2015-12-16 | 5.0 | CVE-2015-8000 (CONFIRM)

joomla -- joomla! | Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2015-12-16 | 6.8 | CVE-2015-8563 (CONFIRM, BID)

kaspersky -- total_security_2015 | Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | 2015-12-16 | 6.4 | CVE-2015-8579 (MISC, MISC)

mozilla -- firefox | Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | 2015-12-16 | 6.8 | CVE-2015-7204 (CONFIRM, CONFIRM)

mozilla -- firefox | Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300. | 2015-12-16 | 5.0 | CVE-2015-7207 (MISC, CONFIRM, CONFIRM)

mozilla -- firefox

Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.

2015-12-16 5.0 CVE-2015-7208 CONFIRM CONFIRM

mozilla -- firefox

Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.

2015-12-16 5.0 CVE-2015-7211 CONFIRM CONFIRM

mozilla -- firefox

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.

2015-12-16 6.8 CVE-2015-7213 CONFIRM CONFIRM

mozilla -- firefox

Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.

2015-12-16 5.0 CVE-2015-7214 CONFIRM CONFIRM

mozilla -- firefox

The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.

2015-12-16 5.0 CVE-2015-7215 MISC MISC (link is external) MISC (link is external) CONFIRM CONFIRM

mozilla -- firefox

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image.

2015-12-16 6.8 CVE-2015-7216 CONFIRM CONFIRM

mozilla -- firefox

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image.

2015-12-16 4.3 CVE-2015-7217 CONFIRM CONFIRM

mozilla -- firefox

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation.

2015-12-16 5.0 CVE-2015-7218 CONFIRM CONFIRM

mozilla -- firefox

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation.

2015-12-16 5.0 CVE-2015-7219 CONFIRM CONFIRM

mozilla -- firefox

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.

2015-12-16 6.8 CVE-2015-7222 CONFIRM CONFIRM

mozilla -- firefox

The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.

2015-12-16 4.0 CVE-2015-7223 CONFIRM CONFIRM

ntop -- ntopng

ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.

2015-12-17 6.0 CVE-2015-8368 EXPLOIT-DB (link is external) FULLDISC MISC (link is external)

php -- php

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.

2015-12-11 6.8 CVE-2015-7803 CONFIRM (link is external) CONFIRM (link is external) CONFIRM (link is external) MLIST (link is external) APPLE (link is external) CONFIRM (link is external)

php -- php

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.

2015-12-11 6.8 CVE-2015-7804 CONFIRM (link is external) CONFIRM (link is external) CONFIRM (link is external) MLIST (link is external) APPLE (link is external) CONFIRM (link is external)

phpmailer_project -- phpmailer

Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796.

2015-12-16 5.0 CVE-2015-8476 CONFIRM (link is external) CONFIRM (link is external) BID (link is external) MLIST (link is external) MLIST (link is external) DEBIAN

schneider-electric -- proclima

Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561.

2015-12-15 6.8 CVE-2015-7918 MISC MISC (link is external) MISC (link is external) MISC (link is external) MISC (link is external) MISC (link is external) MISC (link is external) MISC (link is external) CONFIRM (link is external)

schneider-electric -- proclima

The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918.

2015-12-15 6.8 CVE-2015-8561 MISC MISC (link is external) MISC (link is external) MISC (link is external) MISC (link is external) CONFIRM (link is external)

synnefoims -- internet_management_software

Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo Internet Management Software (IMS) 2015 allows remote attackers to inject arbitrary web script or HTML via the plan_name parameter to packagehistory/listusagesdata.

2015-12-15 4.3 CVE-2015-8247 BUGTRAQ (link is external) FULLDISC

theforeman -- foreman

Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms.

2015-12-17 4.3 CVE-2015-7518 MLIST (link is external) CONFIRM CONFIRM

xen -- xen

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.

2015-12-17 4.7 CVE-2015-8339 CONFIRM (link is external) CONFIRM

xen -- xen

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling.

2015-12-17 4.7 CVE-2015-8340 CONFIRM (link is external) CONFIRM

xmlsoft -- libxml2

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.

2015-12-15 5.0 CVE-2015-7497 CONFIRM CONFIRM (link is external) CONFIRM UBUNTU (link is external) REDHAT (link is external) REDHAT (link is external)

xmlsoft -- libxml2

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

2015-12-15 5.0 CVE-2015-7498 CONFIRM CONFIRM (link is external) CONFIRM UBUNTU (link is external) REDHAT (link is external) REDHAT (link is external)

xmlsoft -- libxml2

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

2015-12-15 5.0 CVE-2015-7499 CONFIRM CONFIRM CONFIRM (link is external) CONFIRM UBUNTU (link is external) REDHAT (link is external) REDHAT (link is external)

xmlsoft -- libxml2

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

2015-12-15 5.0 CVE-2015-7500 CONFIRM CONFIRM (link is external) CONFIRM UBUNTU (link is external) REDHAT (link is external) REDHAT (link is external)

xmlsoft -- libxml2

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

2015-12-15 6.4 CVE-2015-8241 CONFIRM CONFIRM (link is external) CONFIRM UBUNTU (link is external) MLIST (link is external) MLIST (link is external) REDHAT (link is external) REDHAT (link is external)

xmlsoft -- libxml2

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

2015-12-15 5.8 CVE-2015-8242 CONFIRM CONFIRM (link is external) CONFIRM CONFIRM UBUNTU (link is external) MLIST (link is external) MLIST (link is external) REDHAT (link is external) REDHAT (link is external)

xmlsoft -- libxml2

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

2015-12-15 5.0 CVE-2015-8317 CONFIRM CONFIRM CONFIRM (link is external) CONFIRM CONFIRM MISC UBUNTU (link is external) MLIST (link is external) MLIST (link is external) REDHAT (link is external)

Low Severity Vulnerabilities

The Primary Vendor --- Product Description Date Published CVSS Score The CVE Identity

apple -- iphone_os

CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.

2015-12-11 2.6 CVE-2015-7094 CONFIRM (link is external) CONFIRM (link is external) APPLE (link is external) APPLE (link is external)

cisco -- telepresence_video_communication_server_software

Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516.

2015-12-12 2.1 CVE-2015-6414 CISCO (link is external)

mcafee -- virusscan_enterprise

The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.

2015-12-16 2.6 CVE-2015-8577 CONFIRM (link is external) MISC (link is external) MISC (link is external)

redhat -- jboss_enterprise_application_platform

Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors.

2015-12-16 3.5 CVE-2015-5304 CONFIRM (link is external) SECTRACK (link is external) REDHAT (link is external) REDHAT (link is external) REDHAT (link is external) REDHAT (link is external) REDHAT (link is external)

symantec -- endpoint_encryption

EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump.

2015-12-18 2.3 CVE-2015-6556 CONFIRM (link is external) BID (link is external)

token_insert_entity_project -- token_insert_entity

The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node.

2015-12-17 3.5 CVE-2015-8602 MISC CONFIRM

• Sources: http://nvd.nist.gov (For more information visit the National Vulnerability Database (NVD), which contains a database of every vulnerability that has ever been published).

Uganda Communications Commission – UGCERT Email: [email protected] Tel + 256 414 302 100/150 Toll Free: 0800 133 911

Website www.ug-cert.ug Facebook / Twitter: UGCERT