Vulnerability Summary For The Week of July 13, 2015
- 6.9
- Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information
may include identifying information, values, definitions, and related links. Patch information is provided when available.
Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct
result of US-CERT analysis.
High Vulnerabilities
Primary
Vendor -- Product
adobe -- acrobat
Description
Published
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat
and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and
Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X
allow attackers to execute arbitrary code or cause a denial of service (memory
corruption) via unspecified vectors, a
Published: 2015-07-15; CVSS: 10.0; CVE-2015-3095; CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat
and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and
Published: 2015-07-15; CVSS: 7.5; CVE-2015-4446; CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat
and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and
Published: 2015-07-15; CVSS: 10.0; CVE-2015-5087; CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
Acrobat 10.x before 10.1.15 and 11.x
before 11.0.12, Acrobat and Acrobat
Reader DC Classic before
2015.006.30060, and Acrobat and
Acrobat Reader DC Continuous before
2015.008.20082 on Windows and OS X
allows attackers to execute arbitrary
code via unspecified vectors.
adobe -- acrobat
adobe -- acrobat
15
5093
CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
Published: 2015-07-15; CVSS: 10.0; CVE-2015-5097; CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
15
5103
CONFIRM
adobe -- acrobat
adobe -- acrobat
Published: 2015-07-15; CVSS: 10.0; CVE-2015-5108; CONFIRM
adobe -- acrobat
Acrobat 10.x before 10.1.15 and 11.x
before 11.0.12, Acrobat and Acrobat
Reader DC Classic before
2015.006.30060, and Acrobat and
Acrobat Reader DC Continuous before
2015.008.20082 on Windows and OS X
allows attackers to execute arbitrary
code via unspecified vectors, a
different vulnerability than CVE-2015-5097 and CVE-2015-5108.
adobe -- acrobat
adobe -- acrobat
15
5109
CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat
and Acrobat Reader DC Classic before
2015.006.30060, and Acrobat and
Acrobat Reader DC Continuous before
2015.008.20082 on Windows and OS X
allow attackers to execute arbitrary code
or cause a denial of service (memory
corruption) via unspecified vectors, a
different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094,
CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, and CVE-2015-5104.
Published: 2015-07-15; CVSS: 10.0; CVE-2015-5115; CONFIRM
adobe -- shockwave_player
Published: 2015-07-14; CVSS: 10.0; CVE-2015-5120; CONFIRM
adobe -- shockwave_player
Published: 2015-07-14; CVSS: 10.0; CVE-2015-5121; CONFIRM
adobe -- flash_player
adobe -- flash_player
centreon -- centreon
djangoproject -- django
Published: 2015-07-14; CVSS: 7.8; CVE-2015-5143; CONFIRM; UBUNTU; DEBIAN
djangoproject -- django
Published: 2015-07-14; CVSS: 7.8; CVE-2015-5145; CONFIRM
emc -- recoverpoint_for_virtual_machines
Published: 2015-07-10; CVSS: 7.2; CVE-2015-4526; BUGTRAQ
ibm -- business_process_manager
juniper -- junos
juniper -- junos
juniper -- junos
juniper -- junos
linuxfoundation -- cups-filters
linuxfoundation -- cups-filters
Integer overflow in filter/texttopdf.c in
texttopdf in cups-filters before 1.0.71
allows remote attackers to cause a denial
of service (crash) or possibly execute
arbitrary code via a crafted line size in a
print job, which triggers a heap-based
buffer overflow.
Published: 2015-07-14; CVSS: 7.5; CVE-2015-3279; CONFIRM; BID; MLIST; MLIST; DEBIAN; UBUNTU; CONFIRM; CONFIRM; CONFIRM
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- sql_server
microsoft -- sql_server
microsoft -- internet_explorer
14
1767
MS
microsoft -- windows_8.1
microsoft -- windows_8
microsoft -- windows_2003_server
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and
R2 SP2, Windows Vista SP2, Windows
Server 2008 SP2 and R2 SP1, Windows
Published: 2015-07-14; CVSS: 7.2; CVE-2015-2363; MS
microsoft -- windows_2003_server
microsoft -- windows_2003_server
microsoft -- windows_7
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows
Server 2008 R2 SP1, Windows 8,
Windows 8.1, Windows Server 2012
Published: 2015-07-14; CVSS: 7.2; CVE-2015-2366; MS
microsoft -- windows_2003_server
microsoft -- vbscript
microsoft -- windows_7
microsoft -- excel
microsoft -- excel
microsoft -- office
microsoft -- office
microsoft -- internet_explorer
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2383; MS
microsoft -- internet_explorer
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2384; MS
microsoft -- internet_explorer
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute
arbitrary code or cause a denial of
service (memory corruption) via a crafted
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2385; MS
microsoft -- windows_2003_server
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- internet_explorer
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2391; MS
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute
arbitrary code or cause a denial of
service (memory corruption) via a crafted
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2401; MS
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- internet_explorer
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2403; MS
14
2408
MS
microsoft -- internet_explorer
microsoft -- excel
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- powerpoint
microsoft -- internet_explorer
oracle -- jdk
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2425; MS
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE
Embedded 7u75 and 8u33 allows remote
attackers to affect confidentiality,
Published: 2015-07-16; CVSS: 10.0; CVE-2015-2590; CONFIRM
oracle -- fusion_middleware
oracle -- jdk
oracle -- fusion_middleware
oracle -- fusion_middleware
Published: 2015-07-16; CVSS: 7.2; CVE-2015-2597; CONFIRM
oracle -- fusion_middleware
National CERT <nationalcertbd@gmail.com>
to cirttl.lict
Jul 28
High Vulnerabilities
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
Published: 2015-07-15; CVSS: 10.0; CVE-2015-5093; CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
Published: 2015-07-15; CVSS: 10.0; CVE-2015-5097; CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
15
5100
CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
Published: 2015-07-15; CVSS: 10.0; CVE-2015-5108; CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
Published: 2015-07-15; CVSS: 10.0; CVE-2015-5109; CONFIRM
and 11.x before 11.0.12, Acrobat and
Acrobat Reader DC Classic before
2015.006.30060, and Acrobat and
Acrobat Reader DC Continuous before
2015.008.20082 on Windows and OS X
allows attackers to execute arbitrary
code via unspecified vectors, a
different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099,
CVE-2015-5101, CVE-2015-5113, and
CVE-2015-5114.
CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- shockwave_player
Published: 2015-07-14; CVSS: 10.0; CVE-2015-5120; CONFIRM
adobe -- shockwave_player
Published: 2015-07-14; CVSS: 10.0; CVE-2015-5121; CONFIRM
adobe -- flash_player
adobe -- flash_player
centreon -- centreon
djangoproject -- django
Published: 2015-07-14; CVSS: 7.8; CVE-2015-5143; CONFIRM; UBUNTU; DEBIAN
djangoproject -- django
Published: 2015-07-14; CVSS: 7.8; CVE-2015-5145; CONFIRM
emc -- recoverpoint_for_virtual_machines
Published: 2015-07-10; CVSS: 7.2; CVE-2015-4526; BUGTRAQ
ibm -- business_process_manager
juniper -- junos
juniper -- junos
D35, 12.1X47 before 12.1X47-D25, 12.3
before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before
13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6, 14.1R3 before
14.1R3-S2, 14.1 before 14.1R4, 14.1X53
before 14.1X53-D12, 14.1X53 before
14.1X53-D16, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R2, and 15.1
before 15.1R1 allows remote attackers to
cause a denial of service (mbuf and
connection consumption and restart) via
a large number of requests that trigger a
TCP connection to move to the
LAST_ACK state when there is more
data to send.
Published: 2015-07-14; CVSS: 7.1; CVE-2015-5358; SECTRACK; CONFIRM
juniper -- junos
juniper -- junos
14
5362
SECTRACK
CONFIRM
linuxfoundation -- cups-filters
linuxfoundation -- cups-filters
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- sql_server
microsoft -- sql_server
microsoft -- internet_explorer
microsoft -- windows_8.1
microsoft -- windows_8
microsoft -- windows_2003_server
microsoft -- windows_2003_server
microsoft -- windows_2003_server
microsoft -- windows_7
microsoft -- windows_2003_server
microsoft -- vbscript
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2372; MS; MS
microsoft -- windows_7
microsoft -- excel
microsoft -- excel
microsoft -- office
microsoft -- office
microsoft -- internet_explorer
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2383; MS
microsoft -- internet_explorer
code or cause a denial of service
(memory corruption) via a crafted web
site, aka "Internet Explorer Memory
Corruption Vulnerability," a
different vulnerability than CVE-2015-2383 and CVE-2015-2425.
MS
microsoft -- internet_explorer
microsoft -- windows_2003_server
microsoft -- internet_explorer
Corruption Vulnerability," a
different vulnerability than CVE-2015-1738.
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- internet_explorer
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2391; MS
microsoft -- internet_explorer
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2397; MS
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- internet_explorer
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2403; MS
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- excel
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- powerpoint
microsoft -- internet_explorer
code or cause a denial of service
(memory corruption) via a crafted web
site, aka "Internet Explorer Memory
Corruption Vulnerability," a
different vulnerability than CVE-2015-2383 and CVE-2015-2384.
MS
oracle -- jdk
oracle -- fusion_middleware
oracle -- jdk
oracle -- fusion_middleware
Published: 2015-07-16; CVSS: 7.2; CVE-2015-2597; CONFIRM
oracle -- fusion_middleware
oracle -- fusion_middleware
oracle -- fusion_middleware
National CERT <nationalcertbd@gmail.com>
to cirttl.lict
Jul 28
High Vulnerabilities
adobe -- acrobat
adobe -- acrobat
and CVE-2015-5086.
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat
and Acrobat Reader DC Classic before
Published: 2015-07-15; CVSS: 10.0; CVE-2015-4445; CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
and CVE-2015-5086.
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat
and Acrobat Reader DC Classic before
Published: 2015-07-15; CVSS: 10.0; CVE-2015-5086; CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
Published: 2015-07-15; CVSS: 10.0; CVE-2015-5093; CONFIRM
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat
and Acrobat Reader DC Classic before
2015.006.30060, and Acrobat and
Acrobat Reader DC Continuous before
2015.008.20082 on Windows and OS X
allow attackers to execute arbitrary code
or cause a denial of service (memory
Published: 2015-07-15; CVSS: 10.0; CVE-2015-5094; CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
Acrobat 10.x before 10.1.15 and 11.x
before 11.0.12, Acrobat and Acrobat
Reader DC Classic before
2015.006.30060, and Acrobat and
Acrobat Reader DC Continuous before
2015.008.20082 on Windows and OS X
allows attackers to execute arbitrary
code via unspecified vectors, a
different vulnerability than CVE-2015-5108 and CVE-2015-5109.
adobe -- acrobat
adobe -- acrobat
15
5097
CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat
and Acrobat Reader DC Classic before
2015.006.30060, and Acrobat and
Published: 2015-07-15; CVSS: 10.0; CVE-2015-5104; CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
Published: 2015-07-15; CVSS: 10.0; CVE-2015-5108; CONFIRM
adobe -- acrobat
Published: 2015-07-15; CVSS: 10.0; CVE-2015-5109; CONFIRM
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- acrobat
adobe -- shockwave_player
15
5114
CONFIRM
adobe -- shockwave_player
adobe -- flash_player
adobe -- flash_player
Published: 2015-07-14; CVSS: 10.0; CVE-2015-5121; CONFIRM
centreon -- centreon
remote attackers to cause a denial of
service (session store consumption) via
multiple requests with unique session
keys.
djangoproject -- django
Published: 2015-07-14; CVSS: 7.8; CVE-2015-5145; CONFIRM
emc -- recoverpoint_for_virtual_machines
Published: 2015-07-10; CVSS: 7.2; CVE-2015-4526; BUGTRAQ
ibm -- business_process_manager
juniper -- junos
juniper -- junos
juniper -- junos
juniper -- junos
linuxfoundation -- cups-filters
linuxfoundation -- cups-filters
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- sql_server
microsoft -- sql_server
microsoft -- internet_explorer
microsoft -- windows_8.1
microsoft -- windows_8
microsoft -- windows_2003_server
microsoft -- windows_2003_server
microsoft -- windows_2003_server
microsoft -- windows_7
microsoft -- windows_2003_server
microsoft -- vbscript
microsoft -- windows_7
microsoft -- excel
microsoft -- excel
14
2377
MS
microsoft -- office
microsoft -- office
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- windows_2003_server
microsoft -- internet_explorer
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2384; MS
14
2388
MS
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- internet_explorer
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2391; MS
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- internet_explorer
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2403; MS
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute
arbitrary code or cause a denial of
service (memory corruption) via a crafted
web site, aka "Internet Explorer Memory
Corruption Vulnerability," a
different vulnerability than CVE-2015-
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2404; MS
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- excel
SP1, and Office Compatibility Pack SP3
allow remote attackers to execute
arbitrary code or cause a denial of
service (memory corruption) via a crafted
Office document, aka "Microsoft Office
Memory Corruption Vulnerability."
MS
microsoft -- internet_explorer
microsoft -- internet_explorer
microsoft -- powerpoint
microsoft -- internet_explorer
oracle -- jdk
oracle -- fusion_middleware
oracle -- jdk
Published: 2015-07-16; CVSS: 7.2; CVE-2015-2597; CONFIRM
oracle -- fusion_middleware
Published: 2015-07-14; CVSS: 9.3; CVE-2015-2425; MS
component in Oracle Fusion Middleware
2.2.2, 2.3, 2.4, 3.0, and 3.1 allows
remote attackers to affect confidentiality,
integrity, and availability via unknown
vectors related to Integrator, a
different vulnerability than CVE-2015-2603, CVE-2015-2604, CVE-2015-2605,
CVE-2015-2606, and CVE-2015-4745.
CONFIRM
oracle -- fusion_middleware
oracle -- fusion_middleware
oracle -- fusion_middleware
component in Oracle Fusion Middleware
2.2.2, 2.3, 2.4, 3.0, and 3.1 allows
remote attackers to affect confidentiality,
integrity, and availability via unknown
vectors related to Integrator, a
different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604,
CVE-2015-2606, and CVE-2015-4745.
CONFIRM
oracle -- fusion_middleware
oracle -- jdk