vulnerability summary for the week of july 13, 2015

SB15-201: Vulnerability Summary for the Week of July 13, 2015 07/20/2015 08:20 AM EDT

Original release date: July 20, 2015

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

PrimaryVendor -- Product

Description PublishedCVSS Score

Source & Patch Info

adobe -- acrobat Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-

2015-07-15

10.0 CVE-2015-3095CONFIRM

http://cve.mitre.org/

https://helpx.adobe.com/security/products/reader/apsb15-15.html

https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3095


https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-3095&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)

https://mail.google.com/mail/u/0/#14eabb9682963c83_low

https://mail.google.com/mail/u/0/#14eabb9682963c83_medium

https://mail.google.com/mail/u/0/#14eabb9682963c83_high

http://nvd.nist.gov/cvss.cfm



Source & Patch Info

5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a differentvulnerability than CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

2015-07-15

10.0CVE-2015-4435CONFIRM

adobe -- acrobat


2015-07-15


adobe -- acrobat Adobe Reader and Acrobat 10.x before 2015-07- 10.0 CVE-2015-













Source & Patch Info

10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a differentvulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

154441CONFIRM

adobe -- acrobat


2015-07-15


adobe -- acrobat Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before

2015-07-15





https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-4446&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)









Source & Patch Info

2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a differentvulnerability than CVE-2015-5090 and CVE-2015-5106.

adobe -- acrobat


2015-07-15


adobe -- acrobat Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-

2015-07-15












Source & Patch Info

5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15















Source & Patch Info

10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a differentvulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5086.

155085CONFIRM

adobe -- acrobat


2015-07-15



2015-07-15














Source & Patch Info

2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a differentvulnerability than CVE-2015-4446 and CVE-2015-5106.

2015-07-15


adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service via invalid data.

2015-07-15


adobe -- acrobat Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x

2015-07-15

10.0 CVE-2015-5093







https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-5091&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)







Source & Patch Info

before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

2015-07-15


adobe -- acrobat Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-

2015-07-15













Source & Patch Info

4448, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

adobe -- acrobat

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5098 and CVE-2015-5105.

2015-07-15


adobe -- acrobat

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5108 and CVE-2015-5109.

2015-07-15


adobe -- acrobat Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and

2015-07-15
















Source & Patch Info

Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5105.

adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

2015-07-15


adobe -- acrobat Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094,

2015-07-15












Source & Patch Info

CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15


adobe -- acrobat Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat

2015-07-15

10.0 CVE-2015-5103














Source & Patch Info

and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5104, and CVE-2015-5115.

CONFIRM

adobe -- acrobat


2015-07-15


adobe -- acrobat Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before

2015-07-15













Source & Patch Info

2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5098.

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15


adobe -- acrobat Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x

2015-07-15

10.0 CVE-2015-5109














Source & Patch Info

before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5097 and CVE-2015-5108.

CONFIRM

adobe -- acrobat

Stack-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

2015-07-15


adobe -- acrobat Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and

2015-07-15













Source & Patch Info

CVE-2015-5114.

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15


adobe -- acrobat Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before

2015-07-15
















Source & Patch Info

2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, and CVE-2015-5104.

adobe -- shockwave_player

Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5121.

2015-07-14




2015-07-14


adobe -- flash_player Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x

2015-07-14

10.0 CVE-2015-5122CERT-VNMISCCONFIRM

https://helpx.adobe.com/security/products/flash-player/apsa15-04.html

https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html

http://www.kb.cert.org/vuls/id/338736




https://helpx.adobe.com/security/products/shockwave/apsb15-17.html










Source & Patch Info

through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.

adobe -- flash_player

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a ValueOf function, as exploited in the wild in July 2015.

2015-07-14

10.0

CVE-2015-5123CERT-VNCONFIRMMISC

centreon -- centreon SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter to

2015-07-14

7.5 CVE-2015-1560CONFIRMBUGTRAQMISC

http://packetstormsecurity.com/files/132607/Merethis-Centreon-2.5.4-SQL-Injection-Remote-Command-Execution.html

http://www.securityfocus.com/archive/1/archive/1/535961/100/0/threaded

https://forge.centreon.com/projects/centreon/repository/revisions/d14f213b9c60de1bad0b464fd6403c828cf12582




http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-in-adobe-flash-emerges-from-hacking-team-leak/








Source & Patch Info

include/common/XmlTree/GetXmlTree.php.

cisco -- videoscape_distribution_suite_for_internet_streaming

Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug IDs CSCus79834 and CSCuu63409.

2015-07-16

7.8CVE-2015-0725CISCO

djangoproject -- django

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.

2015-07-14

7.8

CVE-2015-5143CONFIRMUBUNTUDEBIAN


validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

2015-07-14


emc -- recoverpoint_for_virtual_machines

EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface.

2015-07-10

7.2CVE-2015-4526BUGTRAQ

ibm -- business_process_manager The REST API in IBM Business Process 2015-07- 9.0 CVE-2015-


https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-1961&vector=(AV:N/AC:L/Au:S/C:C/I:C/A:C)

http://seclists.org/bugtraq/2015/Jul/59



https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-4526&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C)

https://www.djangoproject.com/weblog/2015/jul/08/security-releases/




http://www.debian.org/security/2015/dsa-3305

http://www.ubuntu.com/usn/USN-2671-1





http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150715-vds






Source & Patch Info

Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.

131961CONFIRMAIXAPAR

juniper -- junos

The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.

2015-07-14

7.2

CVE-2015-3007SECTRACKCONFIRM

juniper -- junos Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D16, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (mbuf and

2015-07-14

7.1 CVE-2015-5358SECTRACKCONFIRM

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10686

http://www.securitytracker.com/id/1032842




https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-5358&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:C)







http://www-01.ibm.com/support/docview.wss?uid=swg1JR53356

http://www-01.ibm.com/support/docview.wss?uid=swg21959052




Source & Patch Info

connection consumption and restart) via a large number of requests that trigger a TCP connection to move to the LAST_ACK state when there is more data to send.

juniper -- junos

Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (NULL pointer dereference and RDP crash) via a large number of BGP-VPLS advertisements with updated BGP local preference values.

2015-07-14

7.1


juniper -- junos The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D85, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10 allows remote attackers to cause a denial of service (bfdd crash and restart) or

2015-07-14







https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-5362&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)









Source & Patch Info

execute arbitrary code via a crafted BFD packet.

linuxfoundation -- cups-filters

Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.

2015-07-14

7.5

CVE-2015-3258CONFIRMBIDMLISTDEBIANUBUNTUCONFIRM


Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.

2015-07-14

7.5

CVE-2015-3279CONFIRMBIDMLISTMLISTDEBIANUBUNTUCONFIRMCONFIRMCONFIRM

microsoft -- internet_explorer

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory CorruptionVulnerability," a different vulnerability than CVE-2015-2389 and CVE-2015-2411.

2015-07-14

9.3CVE-2015-1733MS

http://technet.microsoft.com/security/bulletin/MS15-065




http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365

http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS


http://ubuntu.com/usn/usn-2659-1


http://www.openwall.com/lists/oss-security/2015/07/03/2


http://www.securityfocus.com/bid/75557

https://bugzilla.redhat.com/show_bug.cgi?id=1238990















Source & Patch Info


Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory CorruptionVulnerability," a different vulnerability than CVE-2015-2388.

2015-07-14

9.3CVE-2015-1738MS

microsoft -- sql_server

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code ExecutionVulnerability."

2015-07-14

7.1CVE-2015-1762MS


Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability."

2015-07-14

8.5CVE-2015-1763MS

microsoft -- internet_explorer Microsoft Internet Explorer 9 through 11 2015-07- 9.3 CVE-2015-






https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-1763&vector=(AV:N/AC:M/Au:S/C:C/I:C/A:C)




https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-1762&vector=(AV:N/AC:H/Au:S/C:C/I:C/A:C)







Source & Patch Info

allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory CorruptionVulnerability," a different vulnerability than CVE-2015-2401 and CVE-2015-2408.

141767MS

microsoft -- windows_8.1

Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (buffer overflow) by leveraging guest OS privileges, aka "Hyper-V Buffer OverflowVulnerability."

2015-07-14

7.2CVE-2015-2361MS

microsoft -- windows_8

Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V System Data Structure Vulnerability."

2015-07-14

7.2CVE-2015-2362MS

microsoft -- windows_2003_server win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows

2015-07-14

7.2 CVE-2015-2363MS

















Source & Patch Info

7 SP1, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

microsoft -- windows_2003_server

The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that leverages an incorrect bitmap conversion, aka "Graphics Component EOP Vulnerability."

2015-07-14

7.2CVE-2015-2364MS


win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of PrivilegeVulnerability."

2015-07-14

7.2CVE-2015-2365MS

microsoft -- windows_7 win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012

2015-07-14

7.2 CVE-2015-2366MS















Source & Patch Info

Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."


The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection reflection, which allows local users to gain privileges via a crafted application, aka "Windows RPC Elevation of Privilege Vulnerability."

2015-07-14

7.2CVE-2015-2370MS

microsoft -- vbscript

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."

2015-07-14

9.3

CVE-2015-2372MSMS

microsoft -- windows_7 The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol

2015-07-14

10.0 CVE-2015-2373MS
















Source & Patch Info

(RDP) Remote Code Execution Vulnerability."

microsoft -- excel

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

2015-07-14

9.3CVE-2015-2376MS

microsoft -- excel

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory CorruptionVulnerability."

2015-07-14

9.3CVE-2015-2377MS

microsoft -- office Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft

2015-07-14

9.3 CVE-2015-2379MS















Source & Patch Info

Office Memory CorruptionVulnerability."

microsoft -- office

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, and Word 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

2015-07-14

9.3CVE-2015-2380MS


Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2384 and CVE-2015-2425.

2015-07-14

9.3CVE-2015-2383MS



2015-07-14

9.3CVE-2015-2384MS

microsoft -- internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted

2015-07-14

9.3 CVE-2015-2385MS



















Source & Patch Info

web site, aka "Internet Explorer Memory CorruptionVulnerability," a different vulnerability than CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.


ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory CorruptionVulnerability."

2015-07-14

7.2CVE-2015-2387MS



2015-07-14

9.3CVE-2015-2388MS

microsoft -- internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory CorruptionVulnerability," a different vulnerability than CVE-2015-

2015-07-14

9.3 CVE-2015-2389MS















Source & Patch Info

1733 and CVE-2015-2411.


Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory CorruptionVulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.

2015-07-14

9.3CVE-2015-2390MS


Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

2015-07-14

9.3CVE-2015-2391MS



2015-07-14

9.3CVE-2015-2397MS

microsoft -- internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted

2015-07-14

9.3 CVE-2015-2401MS



















Source & Patch Info

web site, aka "Internet Explorer Memory CorruptionVulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2408.



2015-07-14

9.3CVE-2015-2403MS



2015-07-14

9.3CVE-2015-2404MS



2015-07-14

9.3CVE-2015-2406MS

microsoft -- internet_explorer Microsoft Internet Explorer 9 through 11 2015-07- 9.3 CVE-2015-

















Source & Patch Info


142408MS



2015-07-14

9.3CVE-2015-2411MS

microsoft -- excel


2015-07-14

9.3CVE-2015-2415MS


JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory CorruptionVulnerability."

2015-07-14

9.3CVE-2015-2419MS

















Source & Patch Info



2015-07-14

9.3CVE-2015-2422MS

microsoft -- powerpoint

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

2015-07-14

9.3CVE-2015-2424MS



2015-07-14

9.3CVE-2015-2425MS

oracle -- jdk Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality,

2015-07-16


http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html


















Source & Patch Info

integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Configuration Service.

2015-07-16


oracle -- jdk

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install.

2015-07-16



Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator , a different vulnerability than CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.

2015-07-16


oracle -- fusion_middleware Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows

2015-07-16

















https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-2593&vector=(AV:A/AC:L/Au:S/C:C/I:C/A:N)



Source & Patch Info

remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.


Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.

2015-07-16

7.5

...

[Message clipped] View entire message

National CERT <[email protected]> Jul 28

to cirttl.lict


https://mail.google.com/mail/u/0/?ui=2&ik=c613e49ac1&view=lg&msg=14eabb9682963c83




Source & Patch Info

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15


adobe -- acrobat Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and

2015-07-15
















Source & Patch Info

Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a differentvulnerability than CVE-2015-4435, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

adobe -- acrobat


2015-07-15


adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified

2015-07-15












Source & Patch Info

vectors, a differentvulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15












Source & Patch Info

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15


adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and

2015-07-15
















Source & Patch Info

Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a differentvulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-5085, and CVE-2015-5086.

adobe -- acrobat


2015-07-15


adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified

2015-07-15












Source & Patch Info

vectors, a differentvulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5085.

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15












Source & Patch Info

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service via invalid data.

2015-07-15


adobe -- acrobat

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

2015-07-15


adobe -- acrobat


2015-07-15
















Source & Patch Info

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15


adobe -- acrobat

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before

2015-07-15
















Source & Patch Info

2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5108 and CVE-2015-5109.

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15















Source & Patch Info

10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

155100CONFIRM

adobe -- acrobat


2015-07-15


adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before

2015-07-15














Source & Patch Info


adobe -- acrobat


2015-07-15


adobe -- acrobat Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a

2015-07-15












Source & Patch Info

different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, and CVE-2015-5115.

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15


adobe -- acrobatInteger overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat

2015-07-15
















Source & Patch Info

Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5097 and CVE-2015-5109.

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15


adobe -- acrobatUse-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15

2015-07-15

10.0CVE-2015-5111














Source & Patch Info

and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and CVE-2015-5114.

CONFIRM

adobe -- acrobat


2015-07-15


adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before

2015-07-15













Source & Patch Info

2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, and CVE-2015-5113.

adobe -- acrobat


2015-07-15




2015-07-14


adobe -- shockwave_playerAdobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of

2015-07-14
















Source & Patch Info

service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5120.


Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.

2015-07-14

10.0

CVE-2015-5122CERT-VNMISCCONFIRM

adobe -- flash_player Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via

2015-07-14

10.0 CVE-2015-5123CERT-VNCONFIRMMISC















Source & Patch Info

crafted Flash content that overrides a ValueOf function, as exploited in the wild in July 2015.

centreon -- centreon

SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php.

2015-07-14

7.5

CVE-2015-1560CONFIRMBUGTRAQMISC



2015-07-16

7.8CVE-2015-0725CISCO



2015-07-14

7.8




















Source & Patch Info



2015-07-14




2015-07-10


ibm -- business_process_manager

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.

2015-07-13

9.0

CVE-2015-1961CONFIRMAIXAPAR

juniper -- junos


2015-07-14

7.2


juniper -- junosJuniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-

2015-07-14

7.1CVE-2015-5358

























Source & Patch Info

D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D16, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (mbuf and connection consumption and restart) via a large number of requests that trigger a TCP connection to move to the LAST_ACK state when there is more data to send.

SECTRACKCONFIRM

juniper -- junos


2015-07-14

7.1


juniper -- junos The BFD daemon in Juniper Junos OS 2015-07- 9.3 CVE-2015-














Source & Patch Info

12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D85, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10 allows remote attackers to cause a denial of service (bfdd crash and restart) or execute arbitrary code via a crafted BFD packet.

14

5362SECTRACKCONFIRM



2015-07-14

7.5




2015-07-14

7.5

CVE-2015-3279CONFIRMBIDMLISTMLISTDEBIANUBUNTUCONFIRM


























Source & Patch Info

CONFIRMCONFIRM



2015-07-14

9.3CVE-2015-1733MS



2015-07-14

9.3CVE-2015-1738MS



2015-07-14

7.1CVE-2015-1762MS

















Source & Patch Info


Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability."

2015-07-14

8.5CVE-2015-1763MS


Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory CorruptionVulnerability," a different vulnerability than CVE-2015-2401 and CVE-2015-2408.

2015-07-14

9.3CVE-2015-1767MS



2015-07-14

7.2CVE-2015-2361MS


Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize

2015-07-14

7.2CVE-2015-2362MS



















Source & Patch Info

guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V System Data Structure Vulnerability."


win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

2015-07-14

7.2CVE-2015-2363MS



2015-07-14

7.2CVE-2015-2364MS


win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows

2015-07-14

7.2CVE-2015-2365MS















Source & Patch Info

7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of PrivilegeVulnerability."


win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

2015-07-14

7.2CVE-2015-2366MS



2015-07-14

7.2CVE-2015-2370MS


vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to

2015-07-14

9.3

CVE-2015-2372MSMS
















Source & Patch Info

execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."


The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability."

2015-07-14

10.0CVE-2015-2373MS

microsoft -- excel


2015-07-14

9.3CVE-2015-2376MS

microsoft -- excel

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of

2015-07-14

9.3CVE-2015-2377MS















Source & Patch Info

service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory CorruptionVulnerability."

microsoft -- office

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory CorruptionVulnerability."

2015-07-14

9.3CVE-2015-2379MS

microsoft -- office


2015-07-14

9.3CVE-2015-2380MS



2015-07-14

9.3CVE-2015-2383MS

microsoft -- internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary

2015-07-14

9.3 CVE-2015-2384


















Source & Patch Info

code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2425.

MS



2015-07-14

9.3CVE-2015-2385MS



2015-07-14

7.2CVE-2015-2387MS


Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory

2015-07-14

9.3CVE-2015-2388MS
















Source & Patch Info

CorruptionVulnerability," a different vulnerability than CVE-2015-1738.



2015-07-14

9.3CVE-2015-2389MS



2015-07-14

9.3CVE-2015-2390MS



2015-07-14

9.3CVE-2015-2391MS

microsoft -- internet_explorerMicrosoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of

2015-07-14

9.3CVE-2015-2397MS



















Source & Patch Info

service (memory corruption) via a crafted web site, aka "Internet Explorer Memory CorruptionVulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.



2015-07-14

9.3CVE-2015-2401MS



2015-07-14

9.3CVE-2015-2403MS



2015-07-14

9.3CVE-2015-2404MS















Source & Patch Info



2015-07-14

9.3CVE-2015-2406MS



2015-07-14

9.3CVE-2015-2408MS



2015-07-14

9.3CVE-2015-2411MS

microsoft -- excel

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of

2015-07-14

9.3CVE-2015-2415MS



















Source & Patch Info

service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory CorruptionVulnerability."


JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory CorruptionVulnerability."

2015-07-14

9.3CVE-2015-2419MS



2015-07-14

9.3CVE-2015-2422MS



2015-07-14

9.3CVE-2015-2424MS

microsoft -- internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary

2015-07-14

9.3 CVE-2015-2425


















Source & Patch Info

code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384.

MS

oracle -- jdk

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

2015-07-16




2015-07-16


oracle -- jdk


2015-07-16



2015-07-16





















Source & Patch Info

remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator , a different vulnerability than CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.



2015-07-16




2015-07-16



2015-07-16











Source & Patch Info

remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2606, and CVE-2015-4745.

...

[Message clipped] View entire message

National CERT <[email protected]> Jul 28

to cirttl.lict

SB15-201: Vulnerability Summary for the Week of July 13, 2015




Source & Patch Info


2015-07-15






https://mail.google.com/mail/u/0/?ui=2&ik=c613e49ac1&view=lg&msg=14ed30c53b49fc91



Source & Patch Info


adobe -- acrobat


2015-07-15


adobe -- acrobat Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a differentvulnerability than

2015-07-15












Source & Patch Info

CVE-2015-4435, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15












Source & Patch Info

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15


adobe -- acrobat Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and

2015-07-15
















Source & Patch Info

Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

adobe -- acrobat


2015-07-15


adobe -- acrobat Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a differentvulnerability than

2015-07-15












Source & Patch Info

CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-5085, and CVE-2015-5086.

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15












Source & Patch Info

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15



2015-07-15
















Source & Patch Info

2015.008.20082 on Windows and OS X allow attackers to cause a denial of service via invalid data.

adobe -- acrobat

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

2015-07-15


adobe -- acrobat


2015-07-15


adobe -- acrobat Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and

2015-07-15
















Source & Patch Info

Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15












Source & Patch Info

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15


adobe -- acrobat Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X

2015-07-15
















Source & Patch Info

allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

adobe -- acrobat


2015-07-15


adobe -- acrobat Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-

2015-07-15












Source & Patch Info

3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15


adobe -- acrobat Heap-based buffer overflow in Adobe 2015-07- 10.0 CVE-2015-













Source & Patch Info

Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5098.

155105CONFIRM

adobe -- acrobat


2015-07-15


adobe -- acrobat Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary

2015-07-15














Source & Patch Info

code via unspecified vectors, a different vulnerability than CVE-2015-5097 and CVE-2015-5109.

adobe -- acrobat


2015-07-15


adobe -- acrobat


2015-07-15


adobe -- acrobat Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X

2015-07-15
















Source & Patch Info

allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and CVE-2015-5114.

adobe -- acrobat


2015-07-15


adobe -- acrobat Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099,

2015-07-15












Source & Patch Info

CVE-2015-5101, CVE-2015-5111, and CVE-2015-5113.

adobe -- acrobat


2015-07-15




2015-07-14




2015-07-14
















Source & Patch Info


Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.

2015-07-14

10.0

CVE-2015-5122CERT-VNMISCCONFIRM


Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a ValueOf function, as exploited in the wild in July 2015.

2015-07-14

10.0

CVE-2015-5123CERT-VNCONFIRMMISC

centreon -- centreon SQL injection vulnerability in the 2015-07- 7.5 CVE-2015-

















Source & Patch Info

isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php.

14

1560CONFIRMBUGTRAQMISC



2015-07-16

7.8CVE-2015-0725CISCO



2015-07-14

7.8




2015-07-14






















Source & Patch Info



2015-07-10


ibm -- business_process_manager

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.

2015-07-13

9.0

CVE-2015-1961CONFIRMAIXAPAR

juniper -- junos


2015-07-14

7.2


juniper -- junos Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6, 14.1R3 before

2015-07-14

























Source & Patch Info

14.1R3-S2, 14.1 before 14.1R4, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D16, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (mbuf and connection consumption and restart) via a large number of requests that trigger a TCP connection to move to the LAST_ACK state when there is more data to send.

juniper -- junos


2015-07-14

7.1


juniper -- junos The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1

2015-07-14
















Source & Patch Info

before 14.1R5, 14.1X50 before 14.1X50-D85, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10 allows remote attackers to cause a denial of service (bfdd crash and restart) or execute arbitrary code via a crafted BFD packet.



2015-07-14

7.5




2015-07-14

7.5

CVE-2015-3279CONFIRMBIDMLISTMLISTDEBIANUBUNTUCONFIRMCONFIRMCONFIRM

microsoft -- internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of

2015-07-14

9.3 CVE-2015-1733MS




























Source & Patch Info

service (memory corruption) via a crafted web site, aka "Internet Explorer Memory CorruptionVulnerability," a different vulnerability than CVE-2015-2389 and CVE-2015-2411.



2015-07-14

9.3CVE-2015-1738MS



2015-07-14

7.1CVE-2015-1762MS

microsoft -- sql_server Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions,

2015-07-14

8.5 CVE-2015-1763MS















Source & Patch Info

which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability."



2015-07-14

9.3CVE-2015-1767MS



2015-07-14

7.2CVE-2015-2361MS

microsoft -- windows_8 Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V System Data

2015-07-14

7.2 CVE-2015-2362MS















Source & Patch Info

Structure Vulnerability."


win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

2015-07-14

7.2CVE-2015-2363MS



2015-07-14

7.2CVE-2015-2364MS

microsoft -- windows_2003_server win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of

2015-07-14

7.2 CVE-2015-2365MS















Source & Patch Info

PrivilegeVulnerability."


win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

2015-07-14

7.2CVE-2015-2366MS



2015-07-14

7.2CVE-2015-2370MS


vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."

2015-07-14

9.3

CVE-2015-2372MSMS
















Source & Patch Info


The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability."

2015-07-14

10.0CVE-2015-2373MS

microsoft -- excel


2015-07-14

9.3CVE-2015-2376MS

microsoft -- excel


2015-07-14

9.3CVE-2015-2377MS

microsoft -- office Microsoft Word 2007 SP3, Office 2010 2015-07- 9.3 CVE-2015-

















Source & Patch Info

SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory CorruptionVulnerability."

142379MS

microsoft -- office


2015-07-14

9.3CVE-2015-2380MS



2015-07-14

9.3CVE-2015-2383MS

microsoft -- internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-

2015-07-14

9.3 CVE-2015-2384MS

















Source & Patch Info

2383 and CVE-2015-2425.



2015-07-14

9.3CVE-2015-2385MS



2015-07-14

7.2CVE-2015-2387MS



2015-07-14

9.3CVE-2015-2388MS

microsoft -- internet_explorer Microsoft Internet Explorer 10 and 11 2015-07- 9.3 CVE-2015-

















Source & Patch Info


142389MS



2015-07-14

9.3CVE-2015-2390MS



2015-07-14

9.3CVE-2015-2391MS

microsoft -- internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory CorruptionVulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2404,

2015-07-14

9.3 CVE-2015-2397MS

















Source & Patch Info

CVE-2015-2406, and CVE-2015-2422.



2015-07-14

9.3CVE-2015-2401MS



2015-07-14

9.3CVE-2015-2403MS



2015-07-14

9.3CVE-2015-2404MS

microsoft -- internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory

2015-07-14

9.3 CVE-2015-2406MS



















Source & Patch Info

CorruptionVulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2422.



2015-07-14

9.3CVE-2015-2408MS



2015-07-14

9.3CVE-2015-2411MS

microsoft -- excel


2015-07-14

9.3CVE-2015-2415MS

microsoft -- internet_explorer JScript 9 in Microsoft Internet Explorer 10 2015-07- 9.3 CVE-2015-

















Source & Patch Info

and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory CorruptionVulnerability."

142419MS



2015-07-14

9.3CVE-2015-2422MS



2015-07-14

9.3CVE-2015-2424MS

microsoft -- internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-

2015-07-14

9.3 CVE-2015-2425MS

















Source & Patch Info

2383 and CVE-2015-2384.

oracle -- jdk

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

2015-07-16




2015-07-16


oracle -- jdk


2015-07-16


oracle -- fusion_middleware Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator , a different vulnerability than CVE-2015-2603, CVE-2015-2604, CVE-2015-2605,

2015-07-16




















Source & Patch Info

CVE-2015-2606, and CVE-2015-4745.



2015-07-16




2015-07-16


oracle -- fusion_middleware Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604,

2015-07-16
















Source & Patch Info

CVE-2015-2606, and CVE-2015-4745.



2015-07-16


oracle -- jdk

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integ





vulnerability summary for the week of july 13, 2015

Documents

differentvulnerabilitythan

acrobat adobe reader

acrobat reader dc continuous

acrobat reader dc classic

unspecified vectors

cvss base score

low severity

high severity