Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Microsoft Releases June 2016 Security Bulletin

Original release date: June 14, 2016

Microsoft has released 16 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS16-063 through MS16-082 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.

Adobe Releases Security Updates

Original release date: June 14, 2016

Adobe has released security updates to address vulnerabilities in DNG Software Development Kit (SDK), Brackets, Creative Cloud Desktop Application, and ColdFusion. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletins APSB16-19, APSB16-20, APSB16-21 and APSB16-22 and apply the necessary updates.



SB16-165: Vulnerability Summary for the Week of June 6, 2016

Original release date: June 13, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ansibleworks — ansible The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. 2016-06-03 7.2 CVE-2016-3096
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
apache — james_server Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors. 2016-06-07 9.3 CVE-2015-7611
CONFIRM
BUGTRAQ
MLIST
MLIST
MISC
apache — struts Apache Struts 2.3.20.x before 2.3.20.3, 2.3.24.x before 2.3.24.3, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin. 2016-06-07 7.5 CVE-2016-3087
SECTRACK
CONFIRM
chef — chef_manage The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie. 2016-06-09 7.5 CVE-2016-4326
CERT-VN
cisco — prime_network_analysis_module_software Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892. 2016-06-03 7.2 CVE-2016-1390
CISCO
cisco — ip_phone_8800_series_firmware Cisco IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005. 2016-06-04 7.2 CVE-2016-1403
CISCO
cisco — aironet_access_point_software_ Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037. 2016-06-08 7.2 CVE-2016-1418
CISCO
cisco — application_infrastructure_controller The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347. 2016-06-09 7.2 CVE-2016-1420
CISCO
criu — criu The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path. 2016-06-07 7.2 CVE-2015-5228
MLIST
CONFIRM
MLIST
SUSE
doctrine-project — annotations Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code. 2016-06-07 7.2 CVE-2015-5723
CONFIRM
DEBIAN
CONFIRM
emc — networker EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance. 2016-06-09 10.0 CVE-2016-0916
BUGTRAQ
freetype — freetype The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font. 2016-06-07 7.5 CVE-2014-9746
MISC
MLIST
MLIST
DEBIAN
CONFIRM
ge — multilink_firmware General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. 2016-06-09 10.0 CVE-2016-2310
MISC
gnu — glibc Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. 2016-06-10 7.5 CVE-2016-4429
CONFIRM
CONFIRM
SUSE
hp — systems_insight_manager HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030. 2016-06-08 7.7 CVE-2016-2019
CONFIRM
hp — systems_insight_manager HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030. 2016-06-08 8.5 CVE-2016-2020
CONFIRM
hp — systems_insight_manager HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030. 2016-06-08 7.7 CVE-2016-2021
CONFIRM
hp — insight_contol HPE Insight Control before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. 2016-06-08 7.5 CVE-2016-2024
CONFIRM
hp — matrix_operating_environment HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028. 2016-06-08 7.5 CVE-2016-4357
CONFIRM
hp — loadrunner HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors, aka ZDI-CAN-3516. 2016-06-08 7.5 CVE-2016-4359
CONFIRM
hp — insight_control_server_deployment HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors. 2016-06-08 7.2 CVE-2016-4364
CONFIRM
hp — systems_insight_manager HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. 2016-06-08 7.5 CVE-2016-4366
CONFIRM
hp — universal_cmbd_configuration_manager HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. 2016-06-08 7.5 CVE-2016-4368
CONFIRM
imagemagick — imagemagick The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. 2016-06-04 7.5 CVE-2016-4564
CONFIRM
CONFIRM
lenovo — accelerator_application UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com. 2016-06-03 9.3 CVE-2016-3944
CONFIRM
MISC
medhost — perioperative_information_management_system MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server. 2016-06-09 10.0 CVE-2016-4328
CERT-VN
redhat — openshift Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. 2016-06-08 9.0 CVE-2016-2160
CONFIRM
CONFIRM
REDHAT
spice_project — spice Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter. 2016-06-07 7.2 CVE-2015-5260
CONFIRM
UBUNTU
DEBIAN
REDHAT
REDHAT
MLIST
spice_project — spice The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow. 2016-06-09 10.0 CVE-2016-0749
REDHAT
REDHAT
DEBIAN
symantec — critical_system_protection Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors. 2016-06-08 7.7 CVE-2015-8798
CONFIRM
BID
symantec — critical_system_protection Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors. 2016-06-08 7.1 CVE-2015-8799
CONFIRM
BID
videolan — vlc_media_player Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. 2016-06-08 7.5 CVE-2016-5108
CONFIRM
SECTRACK
DEBIAN
xmlsoft — libxml2 Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. 2016-06-09 10.0 CVE-2016-4448
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
zend — zend_framework The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query. 2016-06-07 7.5 CVE-2015-7695
MLIST
MLIST
MLIST
DEBIAN
CONFIRM


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
7-zip — 7zip The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file. 2016-06-07 6.8 CVE-2016-2335
MISC
SUSE
apache — struts Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors. 2016-06-07 5.0 CVE-2016-3093
SECTRACK
CONFIRM
apache — shiro Apache Shiro before 1.2.5, when a cipher key has not been configured for the “remember me” feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. 2016-06-07 6.8 CVE-2016-4437
BUGTRAQ
MISC
cisco — prime_network_analysis_module_software Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889. 2016-06-03 6.5 CVE-2016-1391
CISCO
cisco — email_security_appliance libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug ID CSCuv78533. 2016-06-08 5.0 CVE-2016-1405
MISC
CISCO
cisco — aironet_access_point_software Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803. 2016-06-09 6.8 CVE-2016-1419
CISCO
cisco — ip_phone_8800_series_firmware The web application on Cisco IP 8800 devices allows remote attackers to cause a denial of service (out-of-bounds memory access and web-server outage) via a crafted request, aka Bug ID CSCuz03034. 2016-06-09 5.0 CVE-2016-1421
CISCO
emc — isilon_onefs EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges. 2016-06-03 6.8 CVE-2016-0908
BUGTRAQ
emc — data_domain_os EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors. 2016-06-09 4.3 CVE-2016-0910
BUGTRAQ
epoch — web_mailing_list Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-06-04 4.3 CVE-2016-1211
CONFIRM
JVNDB
JVN
f5 — big-ip_access_policy_manager Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake. 2016-06-07 5.0 CVE-2016-4545
CONFIRM
SECTRACK
freetype — freetype The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font. 2016-06-07 5.0 CVE-2014-9747
MISC
MLIST
MLIST
DEBIAN
CONFIRM
futomi — mp_form_mail_cgi Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. 2016-06-04 4.0 CVE-2016-1212
CONFIRM
JVNDB
JVN
gnu — glibc Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. 2016-06-10 5.0 CVE-2016-3706
CONFIRM
CONFIRM
SUSE
google — chrome The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors. 2016-06-05 6.8 CVE-2016-1672
CONFIRM
CONFIRM
CONFIRM
google — chrome Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. 2016-06-05 6.8 CVE-2016-1673
CONFIRM
CONFIRM
google — chrome The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. 2016-06-05 6.8 CVE-2016-1674
CONFIRM
CONFIRM
google — chrome Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp. 2016-06-05 6.8 CVE-2016-1675
CONFIRM
CONFIRM
CONFIRM
google — chrome extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. 2016-06-05 6.8 CVE-2016-1676
CONFIRM
CONFIRM
CONFIRM
google — chrome uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging “type confusion.” 2016-06-05 4.3 CVE-2016-1677
CONFIRM
CONFIRM
CONFIRM
google — chrome objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. 2016-06-05 6.8 CVE-2016-1678
CONFIRM
CONFIRM
CONFIRM
google — chrome The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code. 2016-06-05 6.8 CVE-2016-1679
CONFIRM
CONFIRM
CONFIRM
google — chrome Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors. 2016-06-05 6.8 CVE-2016-1680
CONFIRM
CONFIRM
CONFIRM
google — chrome Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. 2016-06-05 6.8 CVE-2016-1681
CONFIRM
CONFIRM
CONFIRM
google — chrome The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration. 2016-06-05 4.3 CVE-2016-1682
CONFIRM
CONFIRM
CONFIRM
google — chrome numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. 2016-06-05 5.1 CVE-2016-1683
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. 2016-06-05 5.1 CVE-2016-1684
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. 2016-06-05 4.3 CVE-2016-1685
CONFIRM
CONFIRM
CONFIRM
google — chrome The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. 2016-06-05 4.3 CVE-2016-1686
CONFIRM
CONFIRM
CONFIRM
google — chrome The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions. 2016-06-05 4.3 CVE-2016-1687
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code. 2016-06-05 4.3 CVE-2016-1688
CONFIRM
CONFIRM
CONFIRM
google — chrome Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. 2016-06-05 4.3 CVE-2016-1689
CONFIRM
CONFIRM
CONFIRM
google — chrome The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1701. 2016-06-05 5.1 CVE-2016-1690
CONFIRM
CONFIRM
CONFIRM
google — chrome Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp. 2016-06-05 5.1 CVE-2016-1691
CONFIRM
CONFIRM
CONFIRM
google — chrome WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. 2016-06-05 4.3 CVE-2016-1692
CONFIRM
CONFIRM
CONFIRM
google — chrome browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority. 2016-06-05 4.3 CVE-2016-1694
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2016-06-05 6.8 CVE-2016-1695
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. 2016-06-05 6.8 CVE-2016-1696
CONFIRM
CONFIRM
CONFIRM
google — chrome The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. 2016-06-05 6.8 CVE-2016-1697
CONFIRM
CONFIRM
CONFIRM
google — chrome The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition. 2016-06-05 4.3 CVE-2016-1698
CONFIRM
CONFIRM
CONFIRM
google — chrome WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL. 2016-06-05 4.3 CVE-2016-1699
CONFIRM
CONFIRM
CONFIRM
google — chrome extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions. 2016-06-05 5.1 CVE-2016-1700
CONFIRM
CONFIRM
CONFIRM
google — chrome The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690. 2016-06-05 6.8 CVE-2016-1701
CONFIRM
CONFIRM
CONFIRM
google — chrome The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data. 2016-06-05 4.3 CVE-2016-1702
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2016-06-05 6.8 CVE-2016-1703
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
hp — systems_insight_manager HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030. 2016-06-08 5.5 CVE-2016-2017
CONFIRM
hp — systems_insight_manager HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors. 2016-06-08 6.4 CVE-2016-2018
CONFIRM
hp — systems_insight_manager HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030. 2016-06-08 4.7 CVE-2016-2022
CONFIRM
hp — matrix_operating_environment HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027. 2016-06-08 5.0 CVE-2016-2026
CONFIRM
hp — matrix_operating_environment HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026. 2016-06-08 5.0 CVE-2016-2027
CONFIRM
hp — matrix_operating_environment HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357. 2016-06-08 5.5 CVE-2016-2028
CONFIRM
hp — matrix_operating_environment HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358. 2016-06-08 6.4 CVE-2016-2029
CONFIRM
hp — systems_insight_manager HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022. 2016-06-08 5.5 CVE-2016-2030
CONFIRM
hp — matrix_operating_environment HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029. 2016-06-08 4.8 CVE-2016-4358
CONFIRM
hp — loadrunner HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to modify data or cause a denial of service via unspecified vectors, aka ZDI-CAN-3555. 2016-06-08 6.4 CVE-2016-4360
CONFIRM
hp — loadrunner HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors. 2016-06-08 5.0 CVE-2016-4361
CONFIRM
hp — insight_control_server_deployment HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. 2016-06-08 5.5 CVE-2016-4362
CONFIRM
hp — insight_control_server_deployment HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors. 2016-06-08 4.3 CVE-2016-4363
CONFIRM
hp — insight_control_server_deployment HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors. 2016-06-08 5.0 CVE-2016-4365
CONFIRM
hp — universal_cmbd_foundation The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors. 2016-06-08 5.0 CVE-2016-4367
CONFIRM
hp — discovery_and_dependency_mapping_inventory HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. 2016-06-08 6.5 CVE-2016-4369
CONFIRM
hp — project_and_portfolio_management_center HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors. 2016-06-09 6.5 CVE-2016-4370
CONFIRM
ibm — java_sdk The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods. 2016-06-06 6.4 CVE-2015-5041
CONFIRM
AIXAPAR
SUSE
SUSE
SUSE
SUSE
ibm — java_sdk The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009. 2016-06-03 6.8 CVE-2016-0363
MISC
CONFIRM
AIXAPAR
FULLDISC
FULLDISC
REDHAT
REDHAT
SUSE
SUSE
SUSE
SUSE
SUSE
ibm — java_sdk The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456. 2016-06-03 5.1 CVE-2016-0376
BUGTRAQ
MISC
CONFIRM
AIXAPAR
FULLDISC
REDHAT
REDHAT
SUSE
SUSE
SUSE
SUSE
SUSE
idera — uptime_infrastructure_monitor The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors. 2016-06-09 5.0 CVE-2015-8268
CERT-VN
CONFIRM
CONFIRM
imagemagick — imagemagick The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. 2016-06-04 6.8 CVE-2016-4562
CONFIRM
CONFIRM
imagemagick — imagemagick The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. 2016-06-04 6.8 CVE-2016-4563
CONFIRM
CONFIRM
katello — katello Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter. 2016-06-07 6.5 CVE-2016-3072
CONFIRM
CONFIRM
REDHAT
kmc_controls — bac-5051e_firmware Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file. 2016-06-09 6.8 CVE-2016-4494
MISC
kobe-beauty — php-contact-form Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. 2016-06-04 4.3 CVE-2016-1222
CONFIRM
CONFIRM
JVNDB
JVN
markdown_on_saved_improved_project — markdown_on_saved_improved Cross-site scripting (XSS) vulnerability in the Markdown on Save Improved plugin before 2.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-06-04 4.3 CVE-2016-4812
CONFIRM
JVNDB
JVN
nginx — nginx os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. 2016-06-07 5.0 CVE-2016-4450
UBUNTU
SECTRACK
DEBIAN
MLIST
ntt — webarena_service_formmail Cross-site scripting (XSS) vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-06-04 4.3 CVE-2016-1230
CONFIRM
CONFIRM
CONFIRM
JVNDB
JVN
python — python The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. 2016-06-07 4.3 CVE-2013-7440
CONFIRM
CONFIRM
CONFIRM
REDHAT
MLIST
MLIST
redhat — gluster_storage_management_console The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined. 2016-06-07 4.0 CVE-2014-8177
CONFIRM
MLIST
REDHAT
REDHAT
redhat — openshift Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace. 2016-06-08 4.0 CVE-2016-2149
REDHAT
redhat — openshift Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary. 2016-06-08 5.5 CVE-2016-3708
REDHAT
redhat — openshift Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod. 2016-06-08 6.5 CVE-2016-3738
REDHAT
symantec — critical_system_protection SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2016-06-08 6.5 CVE-2015-8157
CONFIRM
BID
symantec — critical_system_protection Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access. 2016-06-08 4.9 CVE-2015-8800
CONFIRM
BID
trihedral — vtscada The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors. 2016-06-09 6.4 CVE-2016-4510
MISC
trihedral — vtscada The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors. 2016-06-09 5.0 CVE-2016-4523
MISC
trihedral — vtscada Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. 2016-06-09 6.4 CVE-2016-4532
MISC
vmware — vcenter_server Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via a Flash parameter. 2016-06-08 4.3 CVE-2016-2078
CONFIRM
xen — xen The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore. 2016-06-07 6.8 CVE-2016-4962
CONFIRM
SECTRACK
xen — xen The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion. 2016-06-07 4.9 CVE-2016-5242
CONFIRM
SECTRACK
xmlsoft — libxml2 The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. 2016-06-09 5.0 CVE-2016-4447
DEBIAN
CONFIRM
CONFIRM
UBUNTU
MLIST
xmlsoft — libxml2 XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. 2016-06-09 5.8 CVE-2016-4449
DEBIAN
CONFIRM
CONFIRM
UBUNTU
MLIST

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
canonical — lxd LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors. 2016-06-09 2.1 CVE-2016-1581
CONFIRM
UBUNTU
canonical — lxd LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors. 2016-06-09 2.1 CVE-2016-1582
CONFIRM
UBUNTU
criu — criu The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access. 2016-06-07 2.1 CVE-2015-5231
MLIST
CONFIRM
MLIST
SUSE
google — chrome browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session. 2016-06-05 2.6 CVE-2016-1693
CONFIRM
CONFIRM
CONFIRM
humhub — humhub Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2016-06-04 3.5 CVE-2016-1229
CONFIRM
JVNDB
JVN
redhat — openshift Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file. 2016-06-08 2.1 CVE-2016-2142
REDHAT
redhat — openshift Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter. 2016-06-08 3.5 CVE-2016-3703
REDHAT
REDHAT
redhat — openshift HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the “OPENSHIFT_[namespace]_SERVERID” cookie. 2016-06-08 2.1 CVE-2016-3711
CONFIRM
REDHAT
spice_project — spice Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. 2016-06-07 3.6 CVE-2015-5261
CONFIRM
UBUNTU
MLIST
DEBIAN
REDHAT
REDHAT
MLIST
spice_project — spice SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. 2016-06-09 3.6 CVE-2016-2150
CONFIRM
REDHAT
REDHAT
DEBIAN
xen — xen The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore. 2016-06-07 1.9 CVE-2016-4963
CONFIRM
SECTRACK

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
abb — pcm600 ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors. 2016-06-09 not yet calculated CVE-2016-4524
MISC
abb — pcm600 ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors. 2016-06-09 not yet calculated CVE-2016-4527
MISC
abb — pcm600 ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors. 2016-06-09 not yet calculated CVE-2016-4516
MISC
abb — pcm600 ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file. 2016-06-09 not yet calculated CVE-2016-4511
MISC
apache — cloudstack Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin. 2016-06-10 not yet calculated CVE-2016-3085
BUGTRAQ
MISC
huawei — mate_8_smartphone Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors involving improper security status verification, aka HWPSIRT-2015-12007. 2016-06-10 not yet calculated CVE-2016-5233
CONFIRM
imagemagick — graphicsmagick The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. 2016-06-10 not yet calculated CVE-2016-5118
SECTRACK
SECTRACK
MLIST
MLIST
DEBIAN
SUSE
SUSE
SUSE
CONFIRM
CONFIRM
CONFIRM
kmc_controls — bac-551e KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors. 2016-06-09 not yet calculated CVE-2016-4495
MISC
puppet — puppet_agent The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate. 2016-06-10 not yet calculated CVE-2016-2786
GENTOO
CONFIRM
puppet — ruby_puppetmaster Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding. 2016-06-10 not yet calculated CVE-2016-2785
GENTOO
CONFIRM
CONFIRM
xmlsoft — xmlmapper XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors. 2016-06-10 not yet calculated CVE-2016-3720
FEDORA


VMware Releases Security Updates

Original release date: June 10, 2016

VMware has released security updates to address vulnerabilities in NSX, vCNS and vRealize Log Insight. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VMware Security Advisories VMSA-2016-0007 and VMSA-2016-0008 and apply the necessary updates.


Increased Risks from Macro-Based Malware

Original release date: June 09, 2016

Microsoft Office applications use macros to automate routine tasks. However, macros can contain malicious code that can be used to exploit vulnerable systems. Recently, there has been a resurgence of malware that is spread via macros. Individuals and organizations should proactively secure systems against macro-based malware.

Users and administrators are encouraged to review CERT’s article on the resurgence of macro exploitation and apply recommendations outlined in CERT Australia’s report on macro security.


Symantec Releases Security Updates

Original release date: June 07, 2016

Symantec has released security updates to address vulnerabilities in multiple products. Exploitation of some of these vulnerabilities may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review Symantec Security Advisory SYM16-009 and apply the necessary updates.


Mozilla Releases Security Updates

Original release date: June 07, 2016

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Network Security Services (NSS). Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 47
  • Firefox ESR 45.2
  • NSS 3.23

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, and NSS 2016-62 and apply the necessary updates.


SB16-158: Vulnerability Summary for the Week of May 30, 2016

Original release date: June 06, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — connect Untrusted search path vulnerability in the add-in installer in Adobe Connect before 9.5.3 on Windows allows local users to gain privileges via unspecified vectors. 2016-05-29 7.2 CVE-2016-4118
CONFIRM
apache — pdfbox Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. 2016-06-01 7.5 CVE-2016-2175
BUGTRAQ
CONFIRM
CONFIRM
MLIST
apache — activemq The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. 2016-06-01 7.5 CVE-2016-3088
MISC
MISC
SECTRACK
CONFIRM
cisco — network_analysis_module Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882. 2016-06-02 7.5 CVE-2016-1388
CISCO
hp — release_control The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. 2016-05-29 10.0 CVE-2016-1999
HP
irz — ruh2 iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. 2016-05-29 7.5 CVE-2016-2309
MISC
moxa — edr_g903_firmware Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function. 2016-05-30 7.8 CVE-2016-0877
MISC
moxa — edr_g903_firmware Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests. 2016-05-30 7.8 CVE-2016-0878
MISC
moxa — edr_g903_firmware Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL. 2016-05-30 7.8 CVE-2016-0879
MISC
resource_data_management — intuitive_650_tdb_controller Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors. 2016-05-30 9.0 CVE-2016-4505
MISC
sixnet — bt-5_series_cellular_router_firmware Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors. 2016-05-30 10.0 CVE-2016-4521
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — qpid_java PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception. 2016-06-01 4.3 CVE-2016-3094
CONFIRM
CONFIRM
BUGTRAQ
CONFIRM
MLIST
apache — qpid_java The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging. 2016-06-01 5.0 CVE-2016-4432
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
MLIST
blackbox — alertwerks_servsensor_contact_firmware Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors. 2016-05-29 4.0 CVE-2016-2311
MISC
cisco — network_analysis_module_software Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324. 2016-06-02 5.0 CVE-2016-1370
CISCO
cisco — adaptive_security_appliance_software Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID CSCuv70576. 2016-05-27 6.8 CVE-2016-1379
CISCO
cisco — ucs_invicta_c3124sa_appliance Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers’ installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504. 2016-05-29 5.0 CVE-2016-1404
CISCO
cisco — webex_meeting_center Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. 2016-05-27 5.0 CVE-2016-1410
CISCO
cisco — firepower_management_center The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. 2016-05-27 4.0 CVE-2016-1413
CISCO
cisco — esc_8832_data_controller Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors. 2016-05-30 6.4 CVE-2016-4501
MISC
cisco — esc_8832_data_controller Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter. 2016-05-30 5.0 CVE-2016-4502
MISC
citrix — xenapp Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors. 2016-06-01 5.0 CVE-2016-4810
CONFIRM
citrix — netscaler_gateway_11.0_firmware Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie. 2016-06-01 4.3 CVE-2016-4945
BUGTRAQ
CONFIRM
MISC
MISC
emc — isilon_onefs EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115. 2016-05-29 4.3 CVE-2016-0907
BUGTRAQ
gnome — gdk-pixbuf Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow. 2016-06-01 6.8 CVE-2015-8875
CONFIRM
MLIST
MLIST
MLIST
DEBIAN
gnu — glibc Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. 2016-06-01 5.0 CVE-2016-1234
CONFIRM
CONFIRM
MLIST
FEDORA
gnu — glibc Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. 2016-06-01 5.0 CVE-2016-3075
CONFIRM
CONFIRM
UBUNTU
FEDORA
hp — service_manager HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components. 2016-05-29 5.0 CVE-2016-2025
HP
ibm — security_appscan IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2016-06-01 4.0 CVE-2016-0288
CONFIRM
moxa — edr_g903_firmware Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL. 2016-05-30 5.0 CVE-2016-0875
MISC
moxa — edr_g903_firmware Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file. 2016-05-30 5.0 CVE-2016-0876
MISC
moxa — miineport_e1_4641_firmware Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users. 2016-05-30 6.8 CVE-2016-2285
MISC
moxa — miineport_e1_4641_firmware Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors. 2016-05-30 5.0 CVE-2016-2286
MISC
moxa — miineport_e1_4641_firmware Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file. 2016-05-30 5.0 CVE-2016-2295
MISC
moxa — uc-7408_lx-plus Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access. 2016-06-01 4.9 CVE-2016-4500
MISC
qemu — qemu The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local OS guest administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command. 2016-06-01 4.6 CVE-2016-4453
MLIST
CONFIRM
MLIST
qemu — qemu Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local OS guest users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. 2016-06-01 4.6 CVE-2016-5126
MLIST
CONFIRM
MLIST
MLIST
CONFIRM
resource_data_management — intuitive_650_tdb_controller Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users. 2016-05-30 6.0 CVE-2016-4506
MISC
sensiolabs — symfony The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. 2016-06-01 5.0 CVE-2016-1902
CONFIRM
MISC
DEBIAN
CONFIRM
sensiolabs — symfony The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. 2016-06-01 5.0 CVE-2016-4423
CONFIRM
CONFIRM
DEBIAN
siemens — siprotec_firmware The integrated web server in the EN100 Ethernet module before 4.27 on Siemens SIPROTEC 4 and SIPROTEC Compact devices, and the Ethernet Service Interface on SIPROTEC Compact devices, allows remote attackers to obtain sensitive information via an HTTP request. 2016-05-30 5.0 CVE-2016-4784
MISC
CONFIRM
siemens — siprotec_firmware The integrated web server in the EN100 Ethernet module before 4.27 on Siemens SIPROTEC 4 and SIPROTEC Compact devices allows remote attackers to obtain sensitive information from device memory via an HTTP request. 2016-05-30 5.0 CVE-2016-4785
MISC
CONFIRM

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
docker — docker libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. 2016-06-01 2.1 CVE-2016-3697
CONFIRM
CONFIRM
CONFIRM
CONFIRM
REDHAT
SUSE
dosfstools_project — dosfstools The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an “off-by-two error.” 2016-06-03 2.1 CVE-2015-8872
CONFIRM
CONFIRM
CONFIRM
MISC
UBUNTU
SUSE
dosfstools_project — dosfstools The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function. 2016-06-03 2.1 CVE-2016-4804
CONFIRM
CONFIRM
MISC
CONFIRM
UBUNTU
SUSE
hp — restful_interface_tool HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors. 2016-05-29 2.1 CVE-2016-2023
HP
qemu — qemu The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local OS guest administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read. 2016-06-01 3.2 CVE-2016-4454
MLIST
CONFIRM
MLIST

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ansible — lxc_container The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. 2016-06-03 Not Yet Calculated CVE-2016-3096
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
cisco — network_analysis_module CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005. 2016-06-04 Not Yet Calculated CVE-2016-1403
CISCO
cisco — network_analysis_module Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892. 2016-06-03 Not Yet Calculated CVE-2016-1390
CISCO
cisco — network_analysis_module Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889. 2016-06-03 Not Yet Calculated CVE-2016-1391
CISCO
cisco — network_analysis_module The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016. 2016-05-29 Not Yet Calculated CVE-2016-1409
CISCO
emc_isilon — onefs_7.1 EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges. 2016-06-03 Not Yet Calculated CVE-2016-0908
BUGTRAQ
epoch — web_mailing_list_0.321 Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-06-04 Not Yet Calculated CVE-2016-1211
CONFIRM
JVNDB
JVN
futomi — mp_form_mail_cgi_3.2.3 Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. 2016-06-04 Not Yet Calculated CVE-2016-1212
CONFIRM
JVNDB
JVN
humhub — 0.20.0_beta1 Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2016-06-04 Not Yet Calculated CVE-2016-1229
CONFIRM
JVNDB
JVN
imagemagick — magickcore/draw.c The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. 2016-06-04 Not Yet Calculated CVE-2016-4562
CONFIRM
CONFIRM
imagemagick — magickcore/draw.c The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. 2016-06-04 Not Yet Calculated CVE-2016-4564
CONFIRM
CONFIRM
imagemagick — magickcore/draw.c The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. 2016-06-04 Not Yet Calculated CVE-2016-4563
CONFIRM
CONFIRM
java — ibm_sdk The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009. 2016-06-03 Not Yet Calculated CVE-2016-0363
MISC
CONFIRM
AIXAPAR
FULLDISC
FULLDISC
REDHAT
REDHAT
SUSE
SUSE
SUSE
SUSE
SUSE
java — ibm_sdk The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456. 2016-06-03 Not Yet Calculated CVE-2016-0376
BUGTRAQ
MISC
CONFIRM
AIXAPAR
FULLDISC
REDHAT
REDHAT
SUSE
SUSE
SUSE
SUSE
SUSE
kobe_beauty — php-contact_form Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. 2016-06-04 Not Yet Calculated CVE-2016-1222
CONFIRM
CONFIRM
JVNDB
JVN
lenovo — updateagent UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com. 2016-06-03 Not Yet Calculated CVE-2016-3944
CONFIRM
MISC
ntt_pc — webarena_formail Cross-site scripting (XSS) vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-06-04 Not Yet Calculated CVE-2016-1230
CONFIRM
CONFIRM
CONFIRM
JVNDB
JVN
wordpress — save_improved_plugin Cross-site scripting (XSS) vulnerability in the Markdown on Save Improved plugin before 2.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-06-04 Not Yet Calculated CVE-2016-4812
CONFIRM
JVNDB
JVN


WP Mobile Detector Vulnerability

Original release date: June 03, 2016

WP Mobile Detector, a WordPress plugin, contains a vulnerability in versions prior to 3.6. Exploitation of this vulnerability could allow an attacker to take control of an affected website.

US-CERT encourages users and administrators to review the WP Mobile Detector Changelog for more information and apply the necessary update.



Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)

Original release date: June 03, 2016

The Network Time Foundation’s NTP Project has released version ntp-4.2.8p8 to address multiple vulnerabilities in ntpd. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

Users and administrators are encouraged to review Vulnerability Note VU#321640 and the NTP Security Notice Page for vulnerability and mitigation details.

