4homepages -- 4images Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat_description parameter in an updatecat action to admin/categories.php. 2015-10-05 4.3 CVE-2015-7708

FULLDISC

MISC

ajaxplorer -- ajaxplorer Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors. 2015-10-05 5.0 CVE-2015-5650

JVNDB

JVN

apple -- safari The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site. 2015-10-09 4.3 CVE-2015-5828

CONFIRM

APPLE

apple -- mac_os_x Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. 2015-10-09 4.3 CVE-2015-5836

CONFIRM

APPLE

apple -- mac_os_x The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection. 2015-10-09 6.8 CVE-2015-5849

CONFIRM

APPLE

apple -- mac_os_x IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. 2015-10-09 4.3 CVE-2015-5865

CONFIRM

APPLE

apple -- mac_os_x The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence. 2015-10-09 5.0 CVE-2015-5883

CONFIRM

APPLE

apple -- mac_os_x The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. 2015-10-09 4.3 CVE-2015-5894

CONFIRM

APPLE

apple -- mac_os_x The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. 2015-10-09 4.6 CVE-2015-5897

CONFIRM

APPLE

apple -- mac_os_x The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. 2015-10-09 4.9 CVE-2015-5902

CONFIRM

APPLE

apple -- mac_os_x Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request. 2015-10-09 6.8 CVE-2015-5913

CONFIRM

APPLE

apple -- mac_os_x The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498. 2015-10-09 4.7 CVE-2015-5914

MISC

CONFIRM

APPLE

apple -- mac_os_x Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. 2015-10-09 5.0 CVE-2015-5915

CONFIRM

APPLE

apple -- mac_os_x libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than CVE-2015-7761. 2015-10-09 5.0 CVE-2015-7760

CONFIRM

APPLE

apple -- mac_os_x Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760. 2015-10-09 5.0 CVE-2015-7761

CONFIRM

APPLE

cisco -- nx-os Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684. 2015-10-02 4.0 CVE-2015-6308

CISCO

cisco -- email_security_appliance Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211. 2015-10-02 6.8 CVE-2015-6309

CISCO

cisco -- unified_communications_manager_im_and_presence_service The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request, aka Bug ID CSCuw31632. 2015-10-08 5.0 CVE-2015-6310

CISCO

cisco -- wireless_lan_controller Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236. 2015-10-08 6.1 CVE-2015-6311

CISCO

dotclear -- dotclear Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-10-03 4.3 CVE-2015-5651

CONFIRM

JVNDB

JVN

e-catchup -- basercms baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request. 2015-10-05 6.5 CVE-2015-5640

JVNDB

JVN

CONFIRM

e-catchup -- basercms SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2015-10-05 6.5 CVE-2015-5641

JVNDB

JVN

CONFIRM

glpi-project -- glpi GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php. 2015-10-05 4.0 CVE-2015-7685

CONFIRM

CONFIRM

FULLDISC

gollum_project -- gollum The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check. 2015-10-05 4.3 CVE-2015-7314

CONFIRM

CONFIRM

MLIST

JVNDB

JVN

google -- android Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. 2015-10-06 6.4 CVE-2015-3847

MLIST

google -- android mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006. 2015-10-06 5.0 CVE-2015-3862

MLIST

google -- android Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that references a long application name, aka internal bug 23345192. 2015-10-06 4.3 CVE-2015-3878

MLIST

google -- android mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718. 2015-10-06 5.0 CVE-2015-6605

MLIST

google -- android mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605. 2015-10-06 5.0 CVE-2015-7718

MLIST

ibm -- openpages_grc_platform IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request. 2015-10-03 4.0 CVE-2015-0141

CONFIRM

ibm -- openpages_grc_platform IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function. 2015-10-03 4.0 CVE-2015-0142

CONFIRM

ibm -- openpages_grc_platform IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages. 2015-10-03 4.0 CVE-2015-0143

CONFIRM

ibm -- openpages_grc_platform Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2015-10-03 6.8 CVE-2015-0145

CONFIRM

ibm -- content_template_catalog Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2015-10-03 4.3 CVE-2015-0195

CONFIRM

ibm -- change_and_configuration_management_database IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file. 2015-10-03 5.0 CVE-2015-1934

CONFIRM

ibm -- websphere_extreme_scale IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. 2015-10-03 4.3 CVE-2015-2025

CONFIRM

AIXAPAR

AIXAPAR

ibm -- websphere_extreme_scale Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2015-10-03 6.0 CVE-2015-2026

CONFIRM

AIXAPAR

AIXAPAR

ibm -- websphere_extreme_scale CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. 2015-10-03 4.3 CVE-2015-2028

CONFIRM

AIXAPAR

AIXAPAR

ibm -- websphere_extreme_scale Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier. 2015-10-03 4.3 CVE-2015-2029

CONFIRM

AIXAPAR

AIXAPAR

ibm -- websphere_extreme_scale IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack. 2015-10-03 5.0 CVE-2015-2030

CONFIRM

AIXAPAR

AIXAPAR

ibm -- emptoris_program_management Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2015-10-05 4.3 CVE-2015-4939

CONFIRM

ibm -- urbancode_deploy IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process. 2015-10-05 6.0 CVE-2015-4964

CONFIRM

ibm -- change_and_configuration_management_database maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file. 2015-10-05 4.0 CVE-2015-4965

CONFIRM

ibm -- change_and_configuration_management_database SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2015-10-05 6.5 CVE-2015-4967

CONFIRM

ibm -- b2b_advanced_communications Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2015-10-05 4.3 CVE-2015-4973

CONFIRM

AIXAPAR

ibm -- b2b_advanced_communications IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields. 2015-10-05 4.3 CVE-2015-5022

CONFIRM

AIXAPAR

ibm -- emptoris_sourcing IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 10.0.2.3, 10.0.2.5 before iFix4, 10.0.2.6 before iFix8, 10.0.2.7 before iFix1, and 10.0.4.x before iFix2 allows remote authenticated users to obtain sensitive supplier-bid information via unspecified vectors. 2015-10-05 4.0 CVE-2015-5024

CONFIRM

icz -- matchasns Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2015-10-05 6.5 CVE-2015-5642

CONFIRM

JVNDB

JVN

icz -- matchasns The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. 2015-10-05 6.8 CVE-2015-5643

CONFIRM

JVNDB

JVN

icz -- matchasns The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. 2015-10-05 6.8 CVE-2015-5644

CONFIRM

JVNDB

JVN

icz -- matchasns ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors. 2015-10-05 6.5 CVE-2015-5645

CONFIRM

JVNDB

JVN

igniterealtime -- openfire Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp. 2015-10-05 6.5 CVE-2015-7707

EXPLOIT-DB

MISC

MISC

MISC

juniper -- pulse_connect_secure The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts to join a meeting depending on the status of the meeting, which allows remote attackers to enumerate valid meeting ids via a series of requests. 2015-10-05 5.0 CVE-2015-7322

MISC

CONFIRM

luke_mewburn -- tnftpd The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. 2015-10-09 5.0 CVE-2015-5917

MISC

CONFIRM

MISC

APPLE

ntp -- ntp ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field. 2015-10-05 5.8 CVE-2014-9750

CERT-VN

CONFIRM

CONFIRM

CONFIRM

ntp -- ntp The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address. 2015-10-05 6.8 CVE-2014-9751

CERT-VN

CONFIRM

CONFIRM

CONFIRM

omron -- cx-programmer Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. 2015-10-05 5.0 CVE-2015-0987

MISC

simpestreams_project -- simplestreams Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response. 2015-10-09 6.8 CVE-2015-1337

CONFIRM

UBUNTU

UBUNTU