CVE-2015-2508
Published 2015-09-09
Priority P337 · high · 7.2 (CVSS 2.0)
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 3.93% (89.1th percentile)
The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability."
No detection rules found.
Bugzilla
CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()
bugzilla·2016-01-25·CVSS 6.5
CVE-2015-8784 [MEDIUM] libtiff: out-of-bound write in NeXTDecode()
A flaw was discovered in the way libtiff decodes special data. A potential out-of-bounds write could occur for specifically crafted images.
External bug report:
http://bugzilla.maptools.org/show_bug.cgi?id=2508
CVE assignment:
http://seclists.org/oss-sec/2016/q1/191
Upstream fix:
https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c
Discussion:
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1301653]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2016:1547 https://rhn.redhat.com/errata/RHSA-2016-1547.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:1546 https://r
Bugzilla
CVE-2015-5006 IBM JDK: local disclosure of kerberos credentials cache
bugzilla·2015-11-16·CVSS 2.1
CVE-2015-5006 [LOW] IBM JDK: local disclosure of kerberos credentials cache
An information leak flaw was found in the IBM JDK Java Security Components. Upstream security bulletin describes the issue as:
IBM Java Security Components could allow an attacker with physical access to the system to obtain sensitive information from the Kerberos Credential Cache.
References:
http://www-01.ibm.com/support/docview.wss?uid=swg21969225
http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2015
Discussion:
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Supplementary for Red Hat Enterprise Linux 5
Via RHSA-2015:2508 https://rhn.redhat.com/errata/RHSA-2015-2508.html
---
This issue has been addressed in the following pro
http://www.securityfocus.com/bid/76592
http://www.securitytracker.com/id/1033485
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097
https://www.exploit-db.com/exploits/38198/