US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
Original release date: April 12, 2016
Microsoft has released 13 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review the following Microsoft Security Bulletins MS16-037 through MS16-050 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: April 11, 2016
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — flash_player | Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016. | 2016-04-07 | 10.0 | CVE-2016-1019 CONFIRM CONFIRM |
| cisco — telepresence_server_software | Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348. | 2016-04-06 | 7.8 | CVE-2015-6312 CISCO |
| cisco — telepresence_server_software | Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565. | 2016-04-06 | 7.8 | CVE-2015-6313 CISCO |
| cisco — evolved_programmable_network_manager | Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192. | 2016-04-06 | 9.3 | CVE-2016-1291 CISCO |
| cisco — ucs_invicta_c3124sa_appliance | Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294. | 2016-04-06 | 10.0 | CVE-2016-1313 CISCO |
| cisco — telepresence_server_software | The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673. | 2016-04-06 | 7.1 | CVE-2016-1346 CISCO |
| emc — documentum_d2 | EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors. | 2016-04-07 | 9.0 | CVE-2016-0888 BUGTRAQ |
| hp — asset_manager | HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 2016-04-05 | 7.5 | CVE-2016-2000 HP |
| ibm — tivoli_storage_manager_fastback | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8520, CVE-2015-8521, and CVE-2015-8522. | 2016-04-05 | 7.5 | CVE-2015-8519 CONFIRM |
| ibm — tivoli_storage_manager_fastback | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8521, and CVE-2015-8522. | 2016-04-05 | 7.5 | CVE-2015-8520 CONFIRM |
| ibm — tivoli_storage_manager_fastback | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522. | 2016-04-05 | 7.5 | CVE-2015-8521 CONFIRM |
| ibm — tivoli_storage_manager_fastback | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8521. | 2016-04-05 | 7.5 | CVE-2015-8522 CONFIRM |
| patterson_dental — eaglesoft | Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements. | 2016-04-01 | 10.0 | CVE-2016-2343 CERT-VN MISC |
| proftpd — proftpd | The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. | 2016-04-05 | 10.0 | CVE-2016-3125 MLIST MLIST CONFIRM CONFIRM FEDORA FEDORA CONFIRM |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple — ibooks_author | Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2016-04-05 | 4.3 | CVE-2016-1789 CONFIRM |
| ca — api_gateway | CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors. | 2016-04-05 | 6.4 | CVE-2016-3118 CONFIRM |
| cisco — evolved_programmable_network_manager | The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227. | 2016-04-06 | 5.5 | CVE-2016-1290 CISCO |
| eaton_lighting_systems — eg2_web_control | Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request. | 2016-04-06 | 5.0 | CVE-2016-0871 MISC |
| eaton_lighting_systems — eg2_web_control | Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie. | 2016-04-06 | 5.0 | CVE-2016-2272 MISC |
| falcon_system_consulting — wisepoint | The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2016-04-05 | 4.3 | CVE-2016-1177 CONFIRM JVNDB JVN |
| hiniarata — casebook_plugin | Cross-site scripting (XSS) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-04-06 | 4.3 | CVE-2016-1169 CONFIRM JVNDB JVN |
| hiniarata — casebook_plugin | Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack the authentication of administrators. | 2016-04-06 | 6.8 | CVE-2016-1170 CONFIRM JVNDB JVN |
| hiniarata — casebook_plugin | Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-04-06 | 4.3 | CVE-2016-1171 CONFIRM JVNDB JVN |
| hiniarata — casebook_plugin | Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. | 2016-04-06 | 6.8 | CVE-2016-1172 CONFIRM JVNDB JVN |
| hiniarata — casebook_plugin | Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-04-06 | 4.3 | CVE-2016-1173 CONFIRM JVNDB JVN |
| hiniarata — casebook_plugin | Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. | 2016-04-06 | 6.8 | CVE-2016-1174 CONFIRM JVNDB JVN |
| ibm — tivoli_storage_manager_fastback | The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port. | 2016-04-05 | 5.0 | CVE-2015-8523 CONFIRM |
| ibm — maximo_asset_management | shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors. | 2016-04-05 | 4.0 | CVE-2016-0289 CONFIRM |
| iconics — webhmi | Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors. | 2016-04-01 | 5.0 | CVE-2016-2289 MISC |
| mcafee — email_gateway | Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email. | 2016-04-06 | 4.3 | CVE-2016-3969 CONFIRM |
| netapp — clustered_data_ontap | NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2016-04-07 | 5.8 | CVE-2016-1563 CONFIRM |
| pro-face — gp-pro_ex_ex-ed | The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. | 2016-04-06 | 6.4 | CVE-2015-7921 MISC |
| pro-face — gp-pro_ex_ex-ed | Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors. | 2016-04-06 | 6.8 | CVE-2016-2290 MISC |
| pro-face — gp-pro_ex_ex-ed | Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | 2016-04-06 | 4.3 | CVE-2016-2291 MISC |
| pro-face — gp-pro_ex_ex-ed | Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors. | 2016-04-06 | 4.3 | CVE-2016-2292 MISC |
| redhat — jboss_wildfly_application_server | Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) “meaningless” characters. | 2016-04-01 | 5.0 | CVE-2016-0793 EXPLOIT-DB CONFIRM MISC |
| rockwellautomation — integrated_architecture_builder | IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file. | 2016-04-06 | 6.9 | CVE-2016-2277 MISC |
| sharp — aquos_hn-pp150_firmware | Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users. | 2016-04-05 | 5.8 | CVE-2016-1175 CONFIRM JVNDB JVN |
| sharp — eva_animater | Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbitrary code via a crafted web page. | 2016-04-05 | 6.8 | CVE-2016-1176 JVNDB JVN |
| sophos — cyberoam_cr100ing_utm_firmware | Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header. | 2016-04-06 | 4.3 | CVE-2016-3968 MISC MISC |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass intended access restrictions via unspecified vectors. | 2016-04-08 | not yet calculated | CVE-2016-1030 CONFIRM |
| adobe — flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection object properties to leverage an unspecified “type confusion,” a different vulnerability than CVE-2016-1019. | 2016-04-08 | not yet calculated | CVE-2016-1015 CONFIRM MISC |
| adobe — flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1032. | 2016-04-08 | not yet calculated | CVE-2016-1033 CONFIRM |
| adobe — flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1033. | 2016-04-08 | not yet calculated | CVE-2016-1032 CONFIRM |
| adobe — flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1032, and CVE-2016-1033. | 2016-04-08 | not yet calculated | CVE-2016-1029 CONFIRM |
| adobe — flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. | 2016-04-08 | not yet calculated | CVE-2016-1028 CONFIRM |
| adobe — flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. | 2016-04-08 | not yet calculated | CVE-2016-1026 CONFIRM |
| adobe — flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. | 2016-04-08 | not yet calculated | CVE-2016-1025 CONFIRM |
| adobe — flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. | 2016-04-08 | not yet calculated | CVE-2016-1024 CONFIRM |
| adobe — flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. | 2016-04-08 | not yet calculated | CVE-2016-1023 CONFIRM |
| adobe — flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. | 2016-04-08 | not yet calculated | CVE-2016-1022 CONFIRM |
| adobe — flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. | 2016-04-08 | not yet calculated | CVE-2016-1021 CONFIRM |
| adobe — flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. | 2016-04-08 | not yet calculated | CVE-2016-1020 CONFIRM |
| adobe — flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. | 2016-04-08 | not yet calculated | CVE-2016-1012 CONFIRM |
| adobe — flash_player | Stack-based buffer overflow in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via crafted JPEG-XR data. | 2016-04-08 | not yet calculated | CVE-2016-1018 CONFIRM MISC |
| adobe — flash_player | Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory. | 2016-04-08 | not yet calculated | CVE-2016-1014 CONFIRM |
| adobe — flash_player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1017. | 2016-04-08 | not yet calculated | CVE-2016-1031 CONFIRM |
| adobe — flash_player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031. | 2016-04-08 | not yet calculated | CVE-2016-1013 CONFIRM |
| adobe — flash_player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031. | 2016-04-08 | not yet calculated | CVE-2016-1011 CONFIRM |
| adobe — flash_player | Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031. | 2016-04-08 | not yet calculated | CVE-2016-1017 CONFIRM MISC |
| adobe — flash_player | Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1017, and CVE-2016-1031. | 2016-04-08 | not yet calculated | CVE-2016-1016 CONFIRM MISC |
| adobe– flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass the ASLR protection mechanism via JIT data. | 2016-04-08 | not yet calculated | CVE-2016-1006 CONFIRM |
| adobe– flash_player | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. | 2016-04-08 | not yet calculated | CVE-2016-1027 CONFIRM |
| apache — activemq_5.x | The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element. | 2016-04-07 | not yet calculated | CVE-2016-0734 MLIST CONFIRM |
| apache — nxerces_c | Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document. | 2016-04-07 | not yet calculated | CVE-2016-0729 CONFIRM CONFIRM BUGTRAQ DEBIAN CONFIRM MISC |
| bshell — xthis.handler | BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler. | 2016-04-07 | not yet calculated | CVE-2016-2510 MISC MISC CONFIRM CONFIRM CONFIRM DEBIAN |
| cisco — ip_interoperability_&_collaboration_system | Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339. | 2016-04-08 | not yet calculated | CVE-2016-1375 CISCO |
| citrix — xenmobile_server | Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-04-07 | not yet calculated | CVE-2016-2789 CONFIRM |
| cloudbees — jenkins | CloudBees Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach. | 2016-04-07 | not yet calculated | CVE-2016-0791 CONFIRM |
| cloudbees — jenkins_&_lts | CloudBees Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach. | 2016-04-07 | not yet calculated | CVE-2016-0790 CONFIRM |
| cloudbees — jenkins_&_lts | CRLF injection vulnerability in the CLI command documentation in CloudBees Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 2016-04-07 | not yet calculated | CVE-2016-0789 CONFIRM |
| cloudbees — jenkins_&_lts | Multiple unspecified API endpoints in CloudBees Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando. | 2016-04-07 | not yet calculated | CVE-2016-0792 MISC CONFIRM |
| cloudbees — jenkins_&_lts | The remoting module in CloudBees Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. | 2016-04-07 | not yet calculated | CVE-2016-0788 CONFIRM |
| cyber_will — ec_cube | Cross-site scripting (XSS) vulnerability in the Social-button Premium plugin 1.0 for Cyber-Will EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-04-08 | not yet calculated | CVE-2016-1180 CONFIRM CONFIRM JVNDB JVN |
| django — password_hasher | The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. | 2016-04-08 | not yet calculated | CVE-2016-2513 CONFIRM CONFIRM |
| django — util.is_safe_url_function | The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://[email protected]. | 2016-04-08 | not yet calculated | CVE-2016-2512 CONFIRM CONFIRM |
| drupal — prepopulate_module | The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter. | 2016-04-08 | not yet calculated | CVE-2016-3187 MISC CONFIRM CONFIRM |
| drupal — prepopulate_request_walk_function | The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, and consequently have unspecified impact, via unspecified vectors. | 2016-04-08 | not yet calculated | CVE-2016-3188 MISC CONFIRM CONFIRM |
| erlang — otp | Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | 2016-04-07 | not yet calculated | CVE-2015-2774 MISC CONFIRM MLIST MLIST SUSE |
| exim — prior_to_4.86.2 | Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. | 2016-04-07 | not yet calculated | CVE-2016-1531 EXPLOIT-DB CONFIRM MISC |
| forti — os | The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the “redirect” parameter to “login.” | 2016-04-08 | not yet calculated | CVE-2016-3978 SECTRACK CONFIRM FULLDISC |
| git — version<2.7.4 | Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. | 2016-04-08 | not yet calculated | CVE-2016-2324 CONFIRM CONFIRM MLIST MISC SUSE SUSE SUSE SUSE |
| git — versions<2.7.4 | revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. | 2016-04-08 | not yet calculated | CVE-2016-2315 CONFIRM CONFIRM CONFIRM SECTRACK MLIST MISC SUSE SUSE SUSE SUSE |
| huawei — sophia_l10_smartphones | Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege. | 2016-04-07 | not yet calculated | CVE-2015-8305 CONFIRM |
| libotr — proto.c | Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow. | 2016-04-07 | not yet calculated | CVE-2016-2851 MISC MLIST BUGTRAQ DEBIAN FULLDISC SUSE |
| mcafee — atd | McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. | 2016-04-08 | not yet calculated | CVE-2016-3983 CONFIRM |
| mcafee — mar | McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allow local administrators to bypass intended self-protection rules and modify registry keys and files via unspecified vectors. | 2016-04-08 | not yet calculated | CVE-2016-3984 CONFIRM SECTRACK |
| node — js | Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. | 2016-04-07 | not yet calculated | CVE-2016-2086 CONFIRM BID FEDORA FEDORA |
| node — js | The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a. | 2016-04-07 | not yet calculated | CVE-2016-2216 CONFIRM BID MISC FEDORA FEDORA MISC MISC |
| p8_&_mate_s_smartphones | Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2015-8318. | 2016-04-07 | not yet calculated | CVE-2015-8319 CONFIRM |
| p8_&_mate_s_smartphones | Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2015-8319. | 2016-04-07 | not yet calculated | CVE-2015-8318 CONFIRM |
| p8_&_mate_s_smartphones | The (1) ION and (2) Maxim_smartpa_dev drivers in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allow attackers to cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access. | 2016-04-07 | not yet calculated | CVE-2015-8679 CONFIRM |
| p8_&_mate_s_smartphones | The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the graphics permission, aka an “interface access control vulnerability,” a different vulnerability than CVE-2015-8307. | 2016-04-07 | not yet calculated | CVE-2015-8680 CONFIRM |
| p8_&_mate_s_smartphones | The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the graphics permission, aka an “interface access control vulnerability,” a different vulnerability than CVE-2015-8680. | 2016-04-07 | not yet calculated | CVE-2015-8307 CONFIRM |
| p8_&_mate_s_smartphones | The ovisp driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the camera permission, aka an “interface access control vulnerability.” | 2016-04-07 | not yet calculated | CVE-2015-8681 CONFIRM |
| perl — taint_protection_mechanism | Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. | 2016-04-08 | not yet calculated | CVE-2016-2381 MLIST DEBIAN CONFIRM |
| putty — scp | Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request. | 2016-04-07 | not yet calculated | CVE-2016-2563 MISC CONFIRM FULLDISC |
| qemu — firmware_configuation_devices | The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or potentially execute arbitrary code via an invalid current entry value in a firmware configuration. | 2016-04-07 | not yet calculated | CVE-2016-1714 MLIST SECTRACK BID MLIST MLIST MLIST |
| qemu — pring | QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption. | 2016-04-07 | not yet calculated | CVE-2016-2858 CONFIRM MLIST MLIST CONFIRM |
| redhat — glibc | The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. | 2016-04-08 | not yet calculated | CVE-2015-5229 CONFIRM CONFIRM CONFIRM REDHAT |
| ruby_on_rails — action_pack | Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application’s unrestricted use of the render method. | 2016-04-07 | not yet calculated | CVE-2016-2098 MLIST SECTRACK DEBIAN CONFIRM |
| ruby_on_rails — action_view | Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application’s unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752. | 2016-04-07 | not yet calculated | CVE-2016-2097 MLIST SECTRACK DEBIAN CONFIRM |
| sap — java_as | Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.4 allows remote attackers to cause a denial of service via a crafted HTTP request, aka SAP Security Note 2256185. | 2016-04-08 | not yet calculated | CVE-2016-3979 MISC |
| sap — java_as | The Java Startup Framework (aka jstart) in SAP JAVA AS 7.4 allows remote attackers to cause a denial of service via a crafted HTTP request, aka SAP Security Note 2259547. | 2016-04-08 | not yet calculated | CVE-2016-3980 MISC |
| sap — netweaver | The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215. | 2016-04-07 | not yet calculated | CVE-2015-8840 MISC MISC |
| sap — netweaver_java | Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to NavigationURLTester, aka SAP Security Note 2238375. | 2016-04-07 | not yet calculated | CVE-2016-3975 MISC MISC |
| sap — netweaver_java | Directory traversal vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to CrashFileDownloadServlet, aka SAP Security Note 2234971. | 2016-04-07 | not yet calculated | CVE-2016-3976 MISC MISC |
| sap — netweaver_java | The chat feature in the Real-Time Collaboration (RTC) services in SAP NetWeaver Java AS 7.4 allows remote attackers to obtain sensitive user information via unspecified vectors related to WD_CHAT, aka SAP Security Note 2255990. | 2016-04-07 | not yet calculated | CVE-2016-3973 MISC MISC |
| sap — netweaver_java | XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.4 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request, related to the ctcprotocol servlet, aka SAP Security Note 2235994. | 2016-04-07 | not yet calculated | CVE-2016-3974 MISC MISC |
| semens — scalance_s613 | Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443. | 2016-04-08 | not yet calculated | CVE-2016-3963 CONFIRM |
| spip — encoder_contexte_ajax | The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | 2016-04-08 | not yet calculated | CVE-2016-3154 CONFIRM CONFIRM DEBIAN |
| spip — filtrer_entites_function | SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. | 2016-04-08 | not yet calculated | CVE-2016-3153 CONFIRM CONFIRM DEBIAN |
| squid — icmp6 | Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet. | 2016-04-07 | not yet calculated | CVE-2016-3947 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM SECTRACK |
| squid — unknown | Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers. | 2016-04-07 | not yet calculated | CVE-2016-3948 CONFIRM CONFIRM SECTRACK |
| suse — mysql_systemd_helper | The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments. | 2016-04-08 | not yet calculated | CVE-2015-5969 SUSE CONFIRM SUSE SUSE SUSE |
| websvn — versions_<=2.3.3 | Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php. | 2016-04-07 | not yet calculated | CVE-2016-2511 DEBIAN FULLDISC MISC |
| zimba — mail_interface | Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest. | 2016-04-08 | not yet calculated | CVE-2015-6541 EXPLOIT-DB CONFIRM FULLDISC |
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: April 08, 2016
Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review Adobe Security Bulletin APSB16-10 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: April 07, 2016
Juniper has released ScreenOS version 6.3.0r22 to address issues with encryption methods used in prior versions.
US-CERT recommends that users and administrators review articles Juniper Networks Completes ScreenOS Update and Advancing the Security of Juniper Products for more information and update all affected ScreenOS versions.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: April 06, 2016
The Internal Revenue Service (IRS) has issued a press release to address a phishing scam targeting taxpayers. Email scammers have been observed citing tax fraud to trick victims into clicking on a malicious link. Taxpayers should be suspicious of unsolicited emails.
Users and administrators are encouraged to review the IRS news release for details and refer to US-CERT Security Tip ST15-001 for information on tax-themed phishing attacks.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: April 06, 2016
The Federal Trade Commission (FTC) has released an alert on tech-support themed telephone scams. In these schemes, fraudulent callers claim to be from legitimate technical support organizations and offer to fix computer problems that don’t exist. Users should not give control of their computers to anyone who calls offering to “fix” a problem.
US-CERT encourages users and administrators to refer to the FTC Scam Alert and the US-CERT Security Tip on Avoiding Social Engineering and Phishing Attacks for more information.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: April 06, 2016
Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: April 04, 2016
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| autodesk — autodesk_backburner | Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks. | 2016-03-28 | 7.8 | CVE-2016-2344 CERT-VN |
| cisco — ios | The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. | 2016-03-25 | 7.1 | CVE-2016-1344 CISCO |
| cisco — ios | Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821. | 2016-03-25 | 7.8 | CVE-2016-1348 CISCO |
| cisco — ios | The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410. | 2016-03-25 | 7.8 | CVE-2016-1349 CISCO |
| cisco — ios | Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293. | 2016-03-25 | 7.8 | CVE-2016-1350 CISCO |
| cisco — ios | The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279. | 2016-03-25 | 7.8 | CVE-2016-1351 CISCO |
| cogent_datahub — cogent_datahub | Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file. | 2016-03-29 | 7.2 | CVE-2016-2288 MISC |
| google — chrome | The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code. | 2016-03-29 | 9.3 | CVE-2016-1646 CONFIRM CONFIRM CONFIRM |
| google — chrome | Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2016-03-29 | 9.3 | CVE-2016-1647 CONFIRM CONFIRM CONFIRM CONFIRM |
| google — chrome | Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. | 2016-03-29 | 9.3 | CVE-2016-1648 CONFIRM CONFIRM CONFIRM |
| google — chrome | The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages. | 2016-03-29 | 9.3 | CVE-2016-1649 CONFIRM CONFIRM CONFIRM |
| google — chrome | The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document. | 2016-03-29 | 9.3 | CVE-2016-1650 CONFIRM CONFIRM CONFIRM CONFIRM |
| google — chrome | Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2016-03-29 | 9.3 | CVE-2016-3679 CONFIRM |
| pcre — pcre | pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. | 2016-03-28 | 7.5 | CVE-2014-9769 CONFIRM CONFIRM MLIST CONFIRM |
| php — php | Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. | 2016-03-31 | 10.0 | CVE-2016-3141 CONFIRM CONFIRM CONFIRM |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| _wp_favorite_posts_project — _wp_favorite_posts | Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-03-25 | 4.3 | CVE-2016-1160 CONFIRM JVNDB JVN |
| aterm — wg300hp_firmware | Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users. | 2016-04-01 | 6.8 | CVE-2016-1167 JVNDB JVN CONFIRM |
| aterm — wf800hp_firmware | Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users. | 2016-04-01 | 6.8 | CVE-2016-1168 JVNDB JVN CONFIRM |
| cisco — asa_with_firepower_services | Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726. | 2016-03-31 | 5.0 | CVE-2016-1345 CISCO |
| fuseiso_project — fuseiso | Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow. | 2016-03-30 | 5.0 | CVE-2015-8836 CONFIRM CONFIRM MLIST MLIST |
| fuseiso_project — fuseiso | Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file. | 2016-03-30 | 5.0 | CVE-2015-8837 CONFIRM CONFIRM MLIST MLIST |
| graniteds — granite_data_services | The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2016-03-25 | 5.5 | CVE-2016-2340 CERT-VN |
| ibm — informix_dynamic_server | The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file. | 2016-03-28 | 6.9 | CVE-2016-0226 CONFIRM MISC MISC MISC |
| php — php | The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PKx05x06 signature at an invalid location. | 2016-03-31 | 6.4 | CVE-2016-3142 CONFIRM CONFIRM CONFIRM |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple — iphone_os | The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app’s events via a crafted app. | 2016-03-29 | 2.1 | CVE-2016-1760 CONFIRM APPLE |
| cisco — unified_communications_domain_manager | Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760. | 2016-03-28 | 3.5 | CVE-2016-1314 CISCO |
| mit — kerberos | The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. | 2016-03-25 | 3.5 | CVE-2016-3119 CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: April 01, 2016
Apple has released a security update to address a vulnerability in its iBooks Author software. Exploitation of this vulnerability may allow an attacker to obtain sensitive information from an affected system.
US-CERT encourages users and administrators to review the Apple security website and apply the necessary update.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: March 31, 2016
Networked Systems
In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it.
The United States Department of Homeland Security (DHS), in collaboration with Canadian Cyber Incident Response Centre (CCIRC), is releasing this Alert to provide further information on ransomware, specifically its main characteristics, its prevalence, variants that may be proliferating, and how users can prevent and mitigate against ransomware.
Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but is frequently $200–$400 dollars and must be paid in virtual currency, such as Bitcoin.
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.
Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and has also been spread through social media, such as Web-based instant messaging applications. Additionally, newer methods of ransomware infection have been observed. For example, vulnerable Web servers have been exploited as an entry point to gain access into an organization’s network.
The authors of ransomware instill fear and panic into their victims, causing them to click on a link or pay a ransom, and users systems can become infected with additional malware. Ransomware displays intimidating messages similar to those below:
In 2012, Symantec, using data from a command and control (C2) server of 5,700 computers compromised in one day, estimated that approximately 2.9 percent of those compromised users paid the ransom. With an average ransom of $200, this meant malicious actors profited $33,600 per day, or $394,400 per month, from a single C2 server. These rough estimates demonstrate how profitable ransomware can be for malicious actors.
This financial success has likely led to a proliferation of ransomware variants. In 2013, more destructive and lucrative ransomware variants were introduced, including Xorist, CryptorBit, and CryptoLocker. Some variants encrypt not just the files on the infected device, but also the contents of shared or networked drives. These variants are considered destructive because they encrypt users’ and organizations’ files, and render them useless until criminals receive a ransom.
In early 2016, a destructive ransomware variant, Locky, was observed infecting computers belonging to healthcare facilities and hospitals in the United States, New Zealand, and Germany. It propagates through spam emails that include malicious Microsoft Office documents or compressed attachments (e.g., .rar, .zip). The malicious attachments contain macros or JavaScript files to download Ransomware-Locky files.
Samas, another variant of destructive ransomware, was used to compromise the networks of healthcare facilities in 2016. Unlike Locky, Samas propagates through vulnerable Web servers. After the Web server was compromised, uploaded Ransomware-Samas files were used to infect the organization’s networks.
Systems infected with ransomware are also often infected with other malware. In the case of CryptoLocker, a user typically becomes infected by opening a malicious attachment from an email. This malicious attachment contains Upatre, a downloader, which infects the user with GameOver Zeus. GameOver Zeus is a variant of the Zeus Trojan that steals banking information and is also used to steal other types of data. Once a system is infected with GameOver Zeus, Upatre will also download CryptoLocker. Finally, CryptoLocker encrypts files on the infected system, and requests that a ransom be paid.
The close ties between ransomware and other types of malware were demonstrated through the recent botnet disruption operation against GameOver Zeus, which also proved effective against CryptoLocker. In June 2014, an international law enforcement operation successfully weakened the infrastructure of both GameOver Zeus and CryptoLocker.
Ransomware not only targets home users; businesses can also become infected with ransomware, leading to negative consequences, including
Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.
Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist.
US-CERT recommends that users and administrators take the following preventive measures to protect their computer networks from ransomware infection:
Individuals or organizations are discouraged from paying the ransom, as this does not guarantee files will be released. Report instances of fraud to the FBI at the Internet Crime Complaint Center.
This product is provided subject to this Notification and this Privacy & Use policy.