
SB15-201: Vulnerability Summary for the Week of July 13, 2015

07/20/2015 08:20 AM EDT

Original release date: July 20, 2015


The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity,
determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low
severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information
may include identifying information, values, definitions, and related links. Patch information is provided when available.
Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct
result of US-CERT analysis.

High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-3095 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-4435 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-4438 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-4441 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-4445 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-5090 and CVE-2015-5106.
Published: 2015-07-15
CVSS Score: 7.5
Source & Patch Info: CVE-2015-4446 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-4447 CONFIRM

adobe -- acrobat
Description: Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-4448 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-4451 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-5085, and CVE-2015-5086.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-4452 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5086.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5085 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5085.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5086 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5087 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5106.
Published: 2015-07-15
CVSS Score: 7.5
Source & Patch Info: CVE-2015-5090 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service via invalid data.
Published: 2015-07-15
CVSS Score: 7.8
Source & Patch Info: CVE-2015-5091 CONFIRM

adobe -- acrobat
Description: Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5093 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5094 CONFIRM

adobe -- acrobat
Description: Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5095 CONFIRM

adobe -- acrobat
Description: Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5098 and CVE-2015-5105.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5096 CONFIRM

adobe -- acrobat
Description: Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5108 and CVE-2015-5109.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5097 CONFIRM

adobe -- acrobat
Description: Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5105.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5098 CONFIRM

adobe -- acrobat
Description: Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5099 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5100 CONFIRM

adobe -- acrobat
Description: Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5101 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5102 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5104, and CVE-2015-5115.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5103 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, and CVE-2015-5115.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5104 CONFIRM

adobe -- acrobat
Description: Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5098.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5105 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5090.
Published: 2015-07-15
CVSS Score: 7.5
Source & Patch Info: CVE-2015-5106 CONFIRM

adobe -- acrobat
Description: Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5097 and CVE-2015-5109.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5108 CONFIRM

adobe -- acrobat
Description: Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5097 and CVE-2015-5108.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5109 CONFIRM

adobe -- acrobat
Description: Stack-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5110 CONFIRM

adobe -- acrobat
Description: Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and CVE-2015-5114.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5111 CONFIRM

adobe -- acrobat
Description: Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, and CVE-2015-5114.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5113 CONFIRM

adobe -- acrobat
Description: Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, and CVE-2015-5113.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5114 CONFIRM

adobe -- acrobat
Description: Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, and CVE-2015-5104.
Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5115 CONFIRM

adobe -- shockwave_player
Description: Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5121.
Published: 2015-07-14
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5120 CONFIRM

adobe -- shockwave_player
Description: Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5120.
Published: 2015-07-14
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5121 CONFIRM

adobe -- flash_player
Description: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
Published: 2015-07-14
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5122 CERT-VN MISC CONFIRM

adobe -- flash_player
Description: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a ValueOf function, as exploited in the wild in July 2015.
Published: 2015-07-14
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5123 CERT-VN CONFIRM MISC

centreon -- centreon
Description: SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php.
Published: 2015-07-14
CVSS Score: 7.5
Source & Patch Info: CVE-2015-1560 CONFIRM BUGTRAQ MISC

cisco -- videoscape_distribution_suite_for_internet_streaming
Description: Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug IDs CSCus79834 and CSCuu63409.
Published: 2015-07-16
CVSS Score: 7.8
Source & Patch Info: CVE-2015-0725 CISCO

djangoproject -- django
Description: The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
Published: 2015-07-14
CVSS Score: 7.8
Source & Patch Info: CVE-2015-5143 CONFIRM UBUNTU DEBIAN

djangoproject -- django
Description: validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
Published: 2015-07-14
CVSS Score: 7.8
Source & Patch Info: CVE-2015-5145 CONFIRM

emc -- recoverpoint_for_virtual_machines
Description: EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface.
Published: 2015-07-10
CVSS Score: 7.2
Source & Patch Info: CVE-2015-4526 BUGTRAQ

ibm -- business_process_manager
Description: The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.
Published: 2015-07-13
CVSS Score: 9.0
Source & Patch Info: CVE-2015-1961 CONFIRM AIXAPAR

juniper -- junos
Description: The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.
Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-3007 SECTRACK CONFIRM

juniper -- junos
Description: Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D16, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (mbuf and connection consumption and restart) via a large number of requests that trigger a TCP connection to move to the LAST_ACK state when there is more data to send.
Published: 2015-07-14
CVSS Score: 7.1
Source & Patch Info: CVE-2015-5358 SECTRACK CONFIRM

juniper -- junos
Description: Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (NULL pointer dereference and RDP crash) via a large number of BGP-VPLS advertisements with updated BGP local preference values.
Published: 2015-07-14
CVSS Score: 7.1
Source & Patch Info: CVE-2015-5359 SECTRACK CONFIRM

juniper -- junos
Description: The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D85, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10 allows remote attackers to cause a denial of service (bfdd crash and restart) or execute arbitrary code via a crafted BFD packet.
Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-5362 SECTRACK CONFIRM

linuxfoundation -- cups-filters
Description: Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.
Published: 2015-07-14
CVSS Score: 7.5
Source & Patch Info: CVE-2015-3258 CONFIRM BID MLIST DEBIAN UBUNTU CONFIRM

linuxfoundation -- cups-filters
Description: Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
Published: 2015-07-14
CVSS Score: 7.5
Source & Patch Info: CVE-2015-3279 CONFIRM BID MLIST MLIST DEBIAN UBUNTU CONFIRM CONFIRM CONFIRM

microsoft -- internet_explorer
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2389 and CVE-2015-2411.
Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-1733 MS

microsoft -- internet_explorer
Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2388.
Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-1738 MS

microsoft -- sql_server
Description: Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability."
Published: 2015-07-14
CVSS Score: 7.1
Source & Patch Info: CVE-2015-1762 MS

microsoft -- sql_server
Description: Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability."
Published: 2015-07-14
CVSS Score: 8.5
Source & Patch Info: CVE-2015-1763 MS

microsoft -- internet_explorer
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2401 and CVE-2015-2408.
Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-1767 MS

microsoft -- windows_8.1
Description: Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (buffer overflow) by leveraging guest OS privileges, aka "Hyper-V Buffer Overflow Vulnerability."
Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2361 MS

microsoft -- windows_8
Description: Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V System Data Structure Vulnerability."
Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2362 MS

microsoft -- windows_2003_server
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2363 MS

microsoft -- windows_2003_server
Description: The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that leverages an incorrect bitmap conversion, aka "Graphics Component EOP Vulnerability."
Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2364 MS

microsoft -- windows_2003_server
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2365 MS

microsoft -- windows_7
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2366 MS

microsoft -- windows_2003_server
Description: The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection reflection, which allows local users to gain privileges via a crafted application, aka "Windows RPC Elevation of Privilege Vulnerability."
Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2370 MS

microsoft -- vbscript

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2372, MS, MS

microsoft -- windows_7

The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability."

Published: 2015-07-14 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-2373, MS

microsoft -- excel

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2376, MS

microsoft -- excel

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2377, MS

microsoft -- office

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2379, MS

microsoft -- office

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, and Word 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2380, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2384 and CVE-2015-2425.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2383, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2425.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2384, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2385, MS

microsoft -- windows_2003_server

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 7.2 | Source & Patch Info: CVE-2015-2387, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1738.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2388, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2411.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2389, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2390, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2391, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2397, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2408.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2401, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2403, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2406, and CVE-2015-2422.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2404, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2422.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2406, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2401.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2408, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2389.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2411, MS

microsoft -- excel

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2415, MS

microsoft -- internet_explorer

JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2419, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2406.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2422, MS

microsoft -- powerpoint

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2424, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2425, MS

oracle -- jdk

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

Published: 2015-07-16 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-2590, CONFIRM

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Configuration Service.

Published: 2015-07-16 | CVSS Score: 7.1 | Source & Patch Info: CVE-2015-2593, CONFIRM

oracle -- jdk

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install.

Published: 2015-07-16 | CVSS Score: 7.2 | Source & Patch Info: CVE-2015-2597, CONFIRM

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.

Published: 2015-07-16 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-2602, CONFIRM

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.

Published: 2015-07-16 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-2603, CONFIRM

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.

Published: 2015-07-16 | CVSS Score: 7.5

...

National CERT <nationalcertbd@gmail.com>
to cirttl.lict
Jul 28

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-3095, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4435, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4438, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4441, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4445, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-5090 and CVE-2015-5106.

Published: 2015-07-15 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-4446, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4447, CONFIRM

adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4448, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4451, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-5085, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4452, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5085, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5085.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5086, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5087, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5106.

Published: 2015-07-15 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-5090, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service via invalid data.

Published: 2015-07-15 | CVSS Score: 7.8 | Source & Patch Info: CVE-2015-5091, CONFIRM

adobe -- acrobat

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5093, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5094, CONFIRM

adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5095, CONFIRM

adobe -- acrobat

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5098 and CVE-2015-5105.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5096, CONFIRM

adobe -- acrobat

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5108 and CVE-2015-5109.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5097, CONFIRM

adobe -- acrobat

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5105.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5098, CONFIRM

adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5099, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5100, CONFIRM

adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5101, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5102, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5104, and CVE-2015-5115.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5103, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, and CVE-2015-5115.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5104, CONFIRM

adobe -- acrobat

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5098.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5105, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5090.

Published: 2015-07-15 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-5106, CONFIRM

adobe -- acrobat

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5097 and CVE-2015-5109.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5108, CONFIRM

adobe -- acrobat

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5097 and CVE-2015-5108.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5109, CONFIRM

adobe -- acrobat

Stack-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5110, CONFIRM

adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and CVE-2015-5114.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5111, CONFIRM

adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, and CVE-2015-5114.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5113, CONFIRM

adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, and CVE-2015-5113.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5114, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, and CVE-2015-5104.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5115, CONFIRM

adobe -- shockwave_player

Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5121.

Published: 2015-07-14 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5120, CONFIRM

adobe -- shockwave_player

Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5120.

Published: 2015-07-14 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5121, CONFIRM

adobe -- flash_player

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.

Published: 2015-07-14 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5122, CERT-VN, MISC, CONFIRM

adobe -- flash_player

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a ValueOf function, as exploited in the wild in July 2015.

Published: 2015-07-14 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5123, CERT-VN, CONFIRM, MISC

centreon -- centreon

SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php.

Published: 2015-07-14 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-1560, CONFIRM, BUGTRAQ, MISC

cisco -- videoscape_distribution_suite_for_internet_streaming

Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug IDs CSCus79834 and CSCuu63409.

Published: 2015-07-16 | CVSS Score: 7.8 | Source & Patch Info: CVE-2015-0725, CISCO

djangoproject -- django

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allow remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.

Published: 2015-07-14 | CVSS Score: 7.8 | Source & Patch Info: CVE-2015-5143, CONFIRM, UBUNTU, DEBIAN

djangoproject -- django

validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

Published: 2015-07-14 | CVSS Score: 7.8 | Source & Patch Info: CVE-2015-5145, CONFIRM

emc -- recoverpoint_for_virtual_machines

EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface.

Published: 2015-07-10 | CVSS Score: 7.2 | Source & Patch Info: CVE-2015-4526, BUGTRAQ

ibm -- business_process_manager

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.

Published: 2015-07-13 | CVSS Score: 9.0 | Source & Patch Info: CVE-2015-1961, CONFIRM, AIXAPAR

juniper -- junos

The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.

Published: 2015-07-14 | CVSS Score: 7.2 | Source & Patch Info: CVE-2015-3007, SECTRACK, CONFIRM

juniper -- junos

Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D16, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (mbuf and connection consumption and restart) via a large number of requests that trigger a TCP connection to move to the LAST_ACK state when there is more data to send.

Published: 2015-07-14 | CVSS Score: 7.1 | Source & Patch Info: CVE-2015-5358, SECTRACK, CONFIRM

juniper -- junos

Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (NULL pointer dereference and RDP crash) via a large number of BGP-VPLS advertisements with updated BGP local preference values.

Published: 2015-07-14 | CVSS Score: 7.1 | Source & Patch Info: CVE-2015-5359, SECTRACK, CONFIRM

juniper -- junos

The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D85, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10 allows remote attackers to cause a denial of service (bfdd crash and restart) or execute arbitrary code via a crafted BFD packet.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-5362, SECTRACK, CONFIRM

linuxfoundation -- cups-filters

Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.

Published: 2015-07-14 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-3258, CONFIRM, BID, MLIST, DEBIAN, UBUNTU, CONFIRM

linuxfoundation -- cups-filters

Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.

Published: 2015-07-14 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-3279, CONFIRM, BID, MLIST, MLIST, DEBIAN, UBUNTU, CONFIRM, CONFIRM, CONFIRM

microsoft -- internet_explorer

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2389 and CVE-2015-2411.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-1733, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2388.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-1738, MS

microsoft -- sql_server

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability."

Published: 2015-07-14 | CVSS Score: 7.1 | Source & Patch Info: CVE-2015-1762, MS

microsoft -- sql_server

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability."

Published: 2015-07-14 | CVSS Score: 8.5 | Source & Patch Info: CVE-2015-1763, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2401 and CVE-2015-2408.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-1767, MS

microsoft -- windows_8.1

Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (buffer overflow) by leveraging guest OS privileges, aka "Hyper-V Buffer Overflow Vulnerability."

Published: 2015-07-14 | CVSS Score: 7.2 | Source & Patch Info: CVE-2015-2361, MS

microsoft -- windows_8

Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V System Data Structure Vulnerability."

Published: 2015-07-14 | CVSS Score: 7.2 | Source & Patch Info: CVE-2015-2362, MS

microsoft -- windows_2003_server

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Published: 2015-07-14 | CVSS Score: 7.2 | Source & Patch Info: CVE-2015-2363, MS

microsoft -- windows_2003_server

The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that leverages an incorrect bitmap conversion, aka "Graphics Component EOP Vulnerability."

Published: 2015-07-14 | CVSS Score: 7.2 | Source & Patch Info: CVE-2015-2364, MS

microsoft -- windows_2003_server

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Published: 2015-07-14 | CVSS Score: 7.2 | Source & Patch Info: CVE-2015-2365, MS

microsoft -- windows_7

win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Published: 2015-07-14 | CVSS Score: 7.2 | Source & Patch Info: CVE-2015-2366, MS

microsoft -- windows_2003_server

The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection reflection, which allows local users to gain privileges via a crafted application, aka "Windows RPC Elevation of Privilege Vulnerability."

Published: 2015-07-14 | CVSS Score: 7.2 | Source & Patch Info: CVE-2015-2370, MS

microsoft -- vbscript

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2372, MS, MS

microsoft -- windows_7

The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability."

Published: 2015-07-14 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-2373, MS

microsoft -- excel

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2376, MS

microsoft -- excel

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2377, MS

microsoft -- office

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2379, MS

microsoft -- office

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, and Word 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2380, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2384 and CVE-2015-2425.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2383, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2425.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2384, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2385, MS

microsoft -- windows_2003_server

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 7.2 | Source & Patch Info: CVE-2015-2387, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1738.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2388, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2411.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2389, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2390, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2391, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2397, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2408.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2401, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2403, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2406, and CVE-2015-2422.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2404, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2422.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2406, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2401.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2408, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2389.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2411, MS

microsoft -- excel

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2415, MS

microsoft -- internet_explorer

JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2419, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2406.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2422, MS

microsoft -- powerpoint

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2424, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384.

Published: 2015-07-14 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-2425, MS

oracle -- jdk

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

Published: 2015-07-16 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-2590, CONFIRM

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Configuration Service.

Published: 2015-07-16 | CVSS Score: 7.1 | Source & Patch Info: CVE-2015-2593, CONFIRM

oracle -- jdk

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install.

Published: 2015-07-16 | CVSS Score: 7.2 | Source & Patch Info: CVE-2015-2597, CONFIRM

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.

Published: 2015-07-16 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-2602, CONFIRM

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.

Published: 2015-07-16 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-2603, CONFIRM

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.

Published: 2015-07-16 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-2604, CONFIRM

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2606, and CVE-2015-4745.

Published: 2015-07-16

National CERT

to cirttl.lict

<nationalcertbd@gmail.com>

Jul 28

SB15-201: Vulnerability Summary for the Week of July 13, 2015

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-3095, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4435, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4438, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4441, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4445, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-5090 and CVE-2015-5106.

Published: 2015-07-15 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-4446, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4447, CONFIRM

adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4448, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4451, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-5085, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-4452, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5086.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5085, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5085.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5086, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

Published: 2015-07-15 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-5087, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5106.

Published: 2015-07-15 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-5090, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service via invalid data.

Published: 2015-07-15
CVSS Score: 7.8
Source & Patch Info: CVE-2015-5091, CONFIRM

adobe -- acrobat

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5093, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5094, CONFIRM

adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5095, CONFIRM

adobe -- acrobat

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5098 and CVE-2015-5105.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5096, CONFIRM

adobe -- acrobat

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5108 and CVE-2015-5109.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5097, CONFIRM

adobe -- acrobat

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5105.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5098, CONFIRM

adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5099, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5100, CONFIRM

adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5101, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5102, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5104, and CVE-2015-5115.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5103, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, and CVE-2015-5115.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5104, CONFIRM

adobe -- acrobat

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5098.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5105, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5090.

Published: 2015-07-15
CVSS Score: 7.5
Source & Patch Info: CVE-2015-5106, CONFIRM

adobe -- acrobat

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5097 and CVE-2015-5109.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5108, CONFIRM

adobe -- acrobat

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5097 and CVE-2015-5108.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5109, CONFIRM

adobe -- acrobat

Stack-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5110, CONFIRM

adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5113, and CVE-2015-5114.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5111, CONFIRM

adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, and CVE-2015-5114.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5113, CONFIRM

adobe -- acrobat

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, and CVE-2015-5113.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5114, CONFIRM

adobe -- acrobat

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, and CVE-2015-5104.

Published: 2015-07-15
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5115, CONFIRM

adobe -- shockwave_player

Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5121.

Published: 2015-07-14
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5120, CONFIRM

adobe -- shockwave_player

Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5120.

Published: 2015-07-14
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5121, CONFIRM

adobe -- flash_player

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.

Published: 2015-07-14
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5122, CERT-VN, MISC, CONFIRM

adobe -- flash_player

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a ValueOf function, as exploited in the wild in July 2015.

Published: 2015-07-14
CVSS Score: 10.0
Source & Patch Info: CVE-2015-5123, CERT-VN, CONFIRM, MISC

centreon -- centreon

SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php.

Published: 2015-07-14
CVSS Score: 7.5
Source & Patch Info: CVE-2015-1560, CONFIRM, BUGTRAQ, MISC

cisco -- videoscape_distribution_suite_for_internet_streaming

Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug IDs CSCus79834 and CSCuu63409.

Published: 2015-07-16
CVSS Score: 7.8
Source & Patch Info: CVE-2015-0725, CISCO

djangoproject -- django

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.

Published: 2015-07-14
CVSS Score: 7.8
Source & Patch Info: CVE-2015-5143, CONFIRM, UBUNTU, DEBIAN

djangoproject -- django

validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

Published: 2015-07-14
CVSS Score: 7.8
Source & Patch Info: CVE-2015-5145, CONFIRM

emc -- recoverpoint_for_virtual_machines

EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface.

Published: 2015-07-10
CVSS Score: 7.2
Source & Patch Info: CVE-2015-4526, BUGTRAQ

ibm -- business_process_manager

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.

Published: 2015-07-13
CVSS Score: 9.0
Source & Patch Info: CVE-2015-1961, CONFIRM, AIXAPAR

juniper -- junos

The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.

Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-3007, SECTRACK, CONFIRM

juniper -- junos

Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D16, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (mbuf and connection consumption and restart) via a large number of requests that trigger a TCP connection to move to the LAST_ACK state when there is more data to send.

Published: 2015-07-14
CVSS Score: 7.1
Source & Patch Info: CVE-2015-5358, SECTRACK, CONFIRM

juniper -- junos

Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (NULL pointer dereference and RDP crash) via a large number of BGP-VPLS advertisements with updated BGP local preference values.

Published: 2015-07-14
CVSS Score: 7.1
Source & Patch Info: CVE-2015-5359, SECTRACK, CONFIRM

juniper -- junos

The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D85, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10 allows remote attackers to cause a denial of service (bfdd crash and restart) or execute arbitrary code via a crafted BFD packet.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-5362, SECTRACK, CONFIRM

linuxfoundation -- cups-filters

Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.

Published: 2015-07-14
CVSS Score: 7.5
Source & Patch Info: CVE-2015-3258, CONFIRM, BID, MLIST, DEBIAN, UBUNTU, CONFIRM

linuxfoundation -- cups-filters

Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.

Published: 2015-07-14
CVSS Score: 7.5
Source & Patch Info: CVE-2015-3279, CONFIRM, BID, MLIST, MLIST, DEBIAN, UBUNTU, CONFIRM, CONFIRM, CONFIRM

microsoft -- internet_explorer

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2389 and CVE-2015-2411.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-1733, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2388.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-1738, MS

microsoft -- sql_server

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability."

Published: 2015-07-14
CVSS Score: 7.1
Source & Patch Info: CVE-2015-1762, MS

microsoft -- sql_server

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability."

Published: 2015-07-14
CVSS Score: 8.5
Source & Patch Info: CVE-2015-1763, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2401 and CVE-2015-2408.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-1767, MS

microsoft -- windows_8.1

Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (buffer overflow) by leveraging guest OS privileges, aka "Hyper-V Buffer Overflow Vulnerability."

Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2361, MS

microsoft -- windows_8

Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V System Data Structure Vulnerability."

Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2362, MS

microsoft -- windows_2003_server

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2363, MS

microsoft -- windows_2003_server

The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that leverages an incorrect bitmap conversion, aka "Graphics Component EOP Vulnerability."

Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2364, MS

microsoft -- windows_2003_server

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2365, MS

microsoft -- windows_7

win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2366, MS

microsoft -- windows_2003_server

The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection reflection, which allows local users to gain privileges via a crafted application, aka "Windows RPC Elevation of Privilege Vulnerability."

Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2370, MS

microsoft -- vbscript

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2372, MS, MS

microsoft -- windows_7

The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability."

Published: 2015-07-14
CVSS Score: 10.0
Source & Patch Info: CVE-2015-2373, MS

microsoft -- excel

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2376, MS

microsoft -- excel

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2377, MS

microsoft -- office

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2379, MS

microsoft -- office

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, and Word 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2380, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2384 and CVE-2015-2425.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2383, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2425.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2384, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2385, MS

microsoft -- windows_2003_server

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."

Published: 2015-07-14
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2387, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1738.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2388, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2411.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2389, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2390, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2391, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2397, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2408.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2401, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2403, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2406, and CVE-2015-2422.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2404, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2422.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2406, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2401.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2408, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2389.

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2411, MS

microsoft -- excel

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2415, MS

microsoft -- internet_explorer

JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."
Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2419, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2406.
Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2422, MS

microsoft -- powerpoint

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2424, MS

microsoft -- internet_explorer

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384.
Published: 2015-07-14
CVSS Score: 9.3
Source & Patch Info: CVE-2015-2425, MS

oracle -- jdk

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
Published: 2015-07-16
CVSS Score: 10.0
Source & Patch Info: CVE-2015-2590, CONFIRM

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Configuration Service.
Published: 2015-07-16
CVSS Score: 7.1
Source & Patch Info: CVE-2015-2593, CONFIRM

oracle -- jdk

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install.
Published: 2015-07-16
CVSS Score: 7.2
Source & Patch Info: CVE-2015-2597, CONFIRM

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.
Published: 2015-07-16
CVSS Score: 7.5
Source & Patch Info: CVE-2015-2602, CONFIRM

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.
Published: 2015-07-16
CVSS Score: 7.5
Source & Patch Info: CVE-2015-2603, CONFIRM

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.
Published: 2015-07-16
CVSS Score: 7.5
Source & Patch Info: CVE-2015-2604, CONFIRM

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2606, and CVE-2015-4745.
Published: 2015-07-16
CVSS Score: 7.5
Source & Patch Info: CVE-2015-2605, CONFIRM

oracle -- fusion_middleware

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, and CVE-2015-4745.
Published: 2015-07-16
CVSS Score: 7.5
Source & Patch Info: CVE-2015-2606, CONFIRM

oracle -- jdk

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integ
