Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Cisco Releases Security Updates

Original release date: October 12, 2016

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

 


This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases Security Updates

Original release date: October 11, 2016

Microsoft has released 10 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Microsoft Security Bulletins MS16-118 through MS16-127 and apply the necessary updates.



Adobe Releases Security Updates

Original release date: October 11, 2016

Adobe has released security updates to address vulnerabilities in Flash Player and the Creative Cloud Desktop Application. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB16-32 and APSB16-34 and apply the necessary updates.



Week Two of National Cyber Security Awareness Month

Original release date: October 11, 2016

October is National Cyber Security Awareness Month, an annual campaign to raise awareness about cybersecurity. In partnership with DHS, the National Cyber Security Alliance has released information on “Cyber from the Break Room to the Board Room” describing how users can protect their businesses and other organizations from cyber threats. Recommendations include avoiding phishing emails, making passwords more complex, and reporting all suspicious activity.

Users and administrators are encouraged to review the Federal Trade Commission publication Start With Security: A Guide for Business and the US-CERT Tip Avoiding Social Engineering and Phishing Attacks for additional information.



Potential Hurricane Matthew Phishing Scams

Original release date: October 11, 2016

US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Matthew. Users are advised to exercise caution in handling any email with a subject line, attachments, or hyperlinks related to Hurricane Matthew, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from deceptive charitable organizations commonly appear after major natural disasters.

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:

  • Do not follow unsolicited web links in email messages.
  • Use caution when opening email attachments. Refer to the Security Tip Using Caution with Email Attachments for more information on safely handling email attachments.
  • Keep antivirus and other computer software up-to-date.
  • Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
  • Review the Federal Trade Commission information on Charity Scams.
  • Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. You can find trusted contact information for many charities on the BBB National Charity Report Index.


SB16-284: Vulnerability Summary for the Week of October 3, 2016

Original release date: October 10, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — flash_player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248. 2016-10-05 10.0 CVE-2016-7020
CONFIRM
adodb_project — adodb The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. 2016-10-03 7.5 CVE-2016-7405
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
FEDORA
american_auto-matrix — aspect-matrix_building_automation_front-end_solutions_application American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, which allows remote attackers to obtain sensitive information by reading a file. 2016-10-05 7.5 CVE-2016-2308
MISC
animas — onetouch_ping_firmware Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake. 2016-10-05 7.8 CVE-2016-5085
CERT-VN
MISC
MISC
animas — onetouch_ping_firmware Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. 2016-10-05 9.3 CVE-2016-5086
CERT-VN
MISC
MISC
animas — onetouch_ping_firmware Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol. 2016-10-05 9.3 CVE-2016-5686
CERT-VN
MISC
MISC
apache — tomcat The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out. 2016-10-03 7.2 CVE-2016-1240
MISC
DEBIAN
DEBIAN
BUGTRAQ
SECTRACK
UBUNTU
apache — struts Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up. 2016-10-03 7.5 CVE-2016-4436
CONFIRM
CONFIRM
BID
CONFIRM
apache — myfaces CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string. 2016-10-03 7.5 CVE-2016-5019
MLIST
MISC
BID
CONFIRM
beckhoff — embedded_pc_images Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. 2016-10-05 9.4 CVE-2014-5414
MISC
beckhoff — embedded_pc_images Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. 2016-10-05 9.4 CVE-2014-5415
MISC
c-ares_project — c-ares Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. 2016-10-03 7.5 CVE-2016-5180
DEBIAN
CONFIRM
CONFIRM
CONFIRM
cisco — nx-os Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent, aka Bug IDs CSCuq39250, CSCus21733, CSCus21739, CSCut76171, and CSCux67182. 2016-10-06 7.8 CVE-2015-6393
CISCO
cisco — nx-os Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701. 2016-10-06 10.0 CVE-2016-1453
CISCO
cisco — ios_xe Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853. 2016-10-05 7.8 CVE-2016-6378
CISCO
cisco — ios Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089. 2016-10-05 7.8 CVE-2016-6379
CISCO
cisco — ios The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532. 2016-10-05 8.3 CVE-2016-6380
CISCO
cisco — ios Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka Bug ID CSCuy47382. 2016-10-05 7.1 CVE-2016-6381
CISCO
cisco — ios Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM) register packet, aka Bug ID CSCuy16399. 2016-10-05 7.8 CVE-2016-6382
CISCO
cisco — ios Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257. 2016-10-05 7.8 CVE-2016-6384
CISCO
cisco — ios Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367. 2016-10-05 7.8 CVE-2016-6385
CISCO
cisco — ios_xe Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remote attackers to cause a denial of service (data-structure corruption and device reload) via fragmented IPv4 packets, aka Bug ID CSCux66005. 2016-10-05 7.8 CVE-2016-6386
CISCO
cisco — ios Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service (traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID CSCur69036. 2016-10-05 7.8 CVE-2016-6391
CISCO
cisco — ios Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow remote attackers to cause a denial of service (device restart) via a crafted IPv4 Multicast Source Discovery Protocol (MSDP) Source-Active (SA) message, aka Bug ID CSCud36767. 2016-10-05 7.8 CVE-2016-6392
CISCO
cisco — ios The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka Bug ID CSCuy87667. 2016-10-05 7.1 CVE-2016-6393
CISCO
cisco — ios_xr Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349. 2016-10-06 7.2 CVE-2016-6428
CISCO
cisco — firepower_management_center The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872. 2016-10-06 9.0 CVE-2016-6433
CISCO
contus-video-comments_project — contus-video-comments Unauthenticated remote .jpg file upload in contus-video-comments v1.0 WordPress plugin 2016-10-06 9.4 CVE-2016-1000112
MISC
dukapress_project — dukapress Blind SQL Injection in WordPress plugin dukapress v2.5.9 2016-10-06 7.5 CVE-2015-1000011
MISC
MISC
emc — networker_module_for_microsoft_applications The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share. 2016-10-04 7.5 CVE-2016-0913
BUGTRAQ
emc — solutions_enabler The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class. 2016-10-04 9.0 CVE-2016-6645
BUGTRAQ
emc — solutions_enabler The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class. 2016-10-04 10.0 CVE-2016-6646
BUGTRAQ
f5 — big-ip_access_policy_manager Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors. 2016-10-03 9.3 CVE-2016-5700
SECTRACK
CONFIRM
f5 — big-ip_local_traffic_manager F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system configuration files via vectors involving NAT64. 2016-10-05 10.0 CVE-2016-5745
SECTRACK
CONFIRM
fortinet — fortiwlc The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. 2016-10-05 10.0 CVE-2016-7560
CONFIRM
huawei — usg2100 Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication. 2016-10-03 9.3 CVE-2016-8276
CONFIRM
BID
huawei — usg9520 Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL. 2016-10-03 7.8 CVE-2016-8278
CONFIRM
BID
huge-it — huge-it_image_gallery XSS and SQLi in huge IT gallery v1.1.5 for Joomla 2016-10-06 7.5 CVE-2016-1000113
MISC
MISC
huge-it — video_gallery Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla 2016-10-06 7.5 CVE-2016-1000123
MISC
MISC
huge-it — portfolio_gallery Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 2016-10-06 7.5 CVE-2016-1000124
MISC
MISC
huge-it — huge-it_catalog Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla 2016-10-06 7.5 CVE-2016-1000125
MISC
MISC
qemu — qemu Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. 2016-10-05 10.0 CVE-2016-7161
CONFIRM
MLIST
MLIST
BID
MLIST
MLIST
redhat — jboss_enterprise_application_platform Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL. 2016-10-03 7.1 CVE-2016-7046
BID
CONFIRM
sap — netweaver The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL ‘SYSTEM’ statement, aka SAP Security Note 2260344. 2016-10-05 9.0 CVE-2016-7435
FULLDISC
FULLDISC
FULLDISC
MISC
MISC
MISC
MISC
unadf_project — unadf Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname. 2016-10-03 7.5 CVE-2016-1243
MISC
DEBIAN
CONFIRM
unadf_project — unadf The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file. 2016-10-03 9.3 CVE-2016-1244
MISC
DEBIAN
CONFIRM
zotpress_project — zotpress Zotpress plugin for WordPress SQLi in zp_get_account() 2016-10-06 7.5 CVE-2016-1000217
MISC
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
american_auto-matrix — aspect-matrix_building_automation_front-end_solutions_application American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read arbitrary files via unspecified vectors, as demonstrated by the configuration file. 2016-10-05 5.0 CVE-2016-2307
MISC
animas — onetouch_ping_firmware Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network. 2016-10-05 5.0 CVE-2016-5084
CERT-VN
MISC
MISC
apache — derby XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype. 2016-10-03 6.4 CVE-2015-1832
CONFIRM
BID
CONFIRM
CONFIRM
bb&t — the_u The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2016-10-04 4.3 CVE-2016-6550
CERT-VN
candidate-application-form_project — candidate-application-form Remote file download vulnerability in candidate-application-form v1.0 WordPress plugin 2016-10-06 5.0 CVE-2015-1000005
MISC
ceph_project — ceph The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. 2016-10-03 4.3 CVE-2016-7031
CONFIRM
REDHAT
REDHAT
CONFIRM
CONFIRM
cisco — nx-os Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365. 2016-10-05 5.0 CVE-2016-1455
CISCO
cisco — content_security_management_appliance The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. 2016-10-05 4.3 CVE-2016-6416
CISCO
cisco — firesight_system_software Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636. 2016-10-05 6.8 CVE-2016-6417
CISCO
cisco — videoscape_distribution_suite_service_manager Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCva14552. 2016-10-05 4.3 CVE-2016-6418
CISCO
cisco — firepower_management_center SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. 2016-10-05 6.0 CVE-2016-6419
CISCO
cisco — firesight_system_software Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467. 2016-10-05 6.8 CVE-2016-6420
CISCO
cisco — ios_xr Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643. 2016-10-05 5.0 CVE-2016-6421
CISCO
cisco — ios Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass intended access restrictions by sending packets that should have been recognized by a filter, aka Bug ID CSCuy64806. 2016-10-06 4.3 CVE-2016-6422
CISCO
cisco — ios The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux97540. 2016-10-05 6.3 CVE-2016-6423
CISCO
cisco — adaptive_security_appliance The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942. 2016-10-06 6.1 CVE-2016-6424
CISCO
cisco — unified_contact_center_express Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652. 2016-10-06 4.3 CVE-2016-6425
CISCO
cisco — unified_contact_center_express The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653. 2016-10-05 4.3 CVE-2016-6426
CISCO
cisco — unified_contact_center_express Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654. 2016-10-06 6.8 CVE-2016-6427
CISCO
cisco — firepower_management_center Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. 2016-10-06 4.6 CVE-2016-6434
CISCO
cisco — firepower_management_center The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. 2016-10-06 4.0 CVE-2016-6435
CISCO
cisco — hostscan_engine Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682. 2016-10-06 4.3 CVE-2016-6436
CISCO
clamav — clamav ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. 2016-10-03 4.3 CVE-2016-1371
CONFIRM
BID
UBUNTU
CONFIRM
MISC
clamav — clamav ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. 2016-10-03 4.3 CVE-2016-1372
CONFIRM
BID
UBUNTU
CONFIRM
MISC
csv2wpec-coupon_project — csv2wpec-coupon Remote file upload vulnerability in WordPress plugin csv2wpec-coupon v1.1 2016-10-06 5.0 CVE-2015-1000013
MISC
MISC
djangoproject — django The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. 2016-10-03 5.0 CVE-2016-7401
DEBIAN
BID
SECTRACK
UBUNTU
CONFIRM
drupal — drupal Drupal 8.x before 8.1.10 does not properly check for “Administer comments” permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes. 2016-10-03 4.0 CVE-2016-7570
BID
SECTRACK
CONFIRM
drupal — drupal Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception. 2016-10-03 4.3 CVE-2016-7571
BID
SECTRACK
CONFIRM
drupal — drupal The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for “Export configuration” permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors. 2016-10-03 4.0 CVE-2016-7572
BID
SECTRACK
CONFIRM
fast-image-adder_project — fast-image-adder Remote file upload vulnerability in fast-image-adder v1.1 WordPress plugin 2016-10-06 5.0 CVE-2015-1000001
MISC
Miscellaneous
fortinet — fortiwlc Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. 2016-10-05 4.0 CVE-2016-7561
CONFIRM
freerdp_project — freerdp FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. 2016-10-03 5.0 CVE-2013-4118
SUSE
SUSE
MLIST
MLIST
BID
CONFIRM
freerdp_project — freerdp FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished. 2016-10-03 5.0 CVE-2013-4119
MLIST
MLIST
BID
CONFIRM
gnome — gdk-pixbuf The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. 2016-10-03 5.0 CVE-2016-6352
SUSE
MLIST
MLIST
UBUNTU
CONFIRM
CONFIRM
CONFIRM
haxx — libcurl curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. 2016-10-03 5.0 CVE-2016-7141
SUSE
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
hp — keyview The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-4390. 2016-10-05 6.8 CVE-2016-4387
CONFIRM
hp — keyview The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390. 2016-10-05 6.8 CVE-2016-4388
CONFIRM
hp — keyview The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390. 2016-10-05 6.8 CVE-2016-4389
CONFIRM
hp — keyview The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389. 2016-10-05 6.8 CVE-2016-4390
CONFIRM
huawei — ar_firmware Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm. 2016-10-03 4.0 CVE-2015-8085
CONFIRM
huawei — ar_firmware Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage. 2016-10-03 4.0 CVE-2015-8086
CONFIRM
huawei — usg9520 Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter. 2016-10-03 6.8 CVE-2016-8277
CONFIRM
BID
huawei — esight Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. 2016-10-03 4.0 CVE-2016-8280
CONFIRM
BID
huge-it — huge-it_image_gallery XSS in huge IT gallery v1.1.5 for Joomla 2016-10-06 4.3 CVE-2016-1000114
MISC
MISC
ibm — websphere_application_server IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object. 2016-10-05 6.5 CVE-2016-5983
AIXAPAR
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors. 2016-09-30 5.0 CVE-2016-5986
AIXAPAR
CONFIRM
ibm — db2 Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program. 2016-09-30 6.9 CVE-2016-5995
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
CONFIRM
ibm — sterling_secure_proxy Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL. 2016-10-06 5.0 CVE-2016-6023
CONFIRM
ibm — sterling_secure_proxy The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL. 2016-10-06 4.6 CVE-2016-6025
CONFIRM
ibm — sterling_secure_proxy The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP. 2016-10-06 5.8 CVE-2016-6027
CONFIRM
indasengineering — web_scada Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors. 2016-10-05 5.0 CVE-2016-8343
MISC
ipswitch — whatsup_gold Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection 2016-10-06 6.5 CVE-2016-1000000
MISC
libgd — libgd The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. 2016-10-03 4.3 CVE-2016-6905
SUSE
SUSE
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
libtiff — libtiff The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the “-c none” option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. 2016-10-03 4.3 CVE-2016-3619
MISC
MLIST
libtiff — libtiff The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the “-c zip” option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. 2016-10-03 5.0 CVE-2016-3620
MISC
MLIST
libtiff — libtiff The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the “-c lzw” option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. 2016-10-03 6.8 CVE-2016-3621
MISC
MLIST
libtiff — libtiff The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. 2016-10-03 4.3 CVE-2016-3622
MLIST
libtiff — libtiff The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. 2016-10-03 5.0 CVE-2016-3623
CONFIRM
SUSE
MLIST
libtiff — libtiff The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the “-v” option to -1. 2016-10-03 5.0 CVE-2016-3624
MISC
MLIST
libtiff_project — libtiff tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. 2016-10-03 4.3 CVE-2016-3625
MISC
MLIST
libtiff_project — libtiff The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable. 2016-10-03 5.0 CVE-2016-3631
MLIST
libtiff_project — libtiff The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable. 2016-10-03 5.0 CVE-2016-3633
MISC
MLIST
libtiff_project — libtiff The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching. 2016-10-03 5.0 CVE-2016-3634
MISC
MLIST
libtiff_project — libtiff The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. 2016-10-03 5.0 CVE-2016-3658
MISC
MLIST
mailcwp_project — mailcwp Remote file upload vulnerability in mailcwp v1.99 wordpress plugin 2016-10-06 5.0 CVE-2015-1000000
MISC
MISC
mypixs_project — mypixs Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin 2016-10-06 5.0 CVE-2015-1000012
MISC
MISC
openjpeg — openjpeg convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. 2016-10-03 5.0 CVE-2016-7445
SUSE
MLIST
MLIST
CONFIRM
CONFIRM
perl — perl Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message. 2016-10-05 5.0 CVE-2016-1246
CONFIRM
DEBIAN
CONFIRM
pivotal_software — spring_data_jpa SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call. 2016-10-05 6.8 CVE-2016-6652
CONFIRM
CONFIRM
CONFIRM
pivotal_software — cloud_foundry_cf_mysql The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials. 2016-10-06 5.0 CVE-2016-6653
CONFIRM
qemu — qemu The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0. 2016-10-05 4.9 CVE-2016-7909
MLIST
MLIST
MLIST
recent-backups_project — recent-backups Remote file download vulnerability in recent-backups v0.7 wordpress plugin 2016-10-06 5.0 CVE-2015-1000006
MISC
sap — netweaver The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. 2016-10-05 5.0 CVE-2016-4551
FULLDISC
MISC
simple-image-manipulator_project — simple-image-manipulator Remote file download in simple-image-manipulator v1.0 wordpress plugin 2016-10-06 5.0 CVE-2015-1000010
MISC
MISC
wptf-image-gallery_project — wptf-image-gallery Remote file download vulnerability in wptf-image-gallery v1.03 2016-10-06 5.0 CVE-2015-1000007
MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ibm — websphere_application_server Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients. 2016-09-30 3.5 CVE-2016-3042
AIXAPAR
CONFIRM
ibm — b2b_advanced_communications Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2016-10-05 3.5 CVE-2016-5892
CONFIRM
ibm — business_process_manager Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2016-10-05 3.5 CVE-2016-5901
AIXAPAR
CONFIRM
ibm — sterling_secure_proxy The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST. 2016-10-06 2.9 CVE-2016-6026
CONFIRM
mongodb — mongodb The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. 2016-10-03 2.1 CVE-2016-6494
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
FEDORA
qemu — qemu The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. 2016-10-05 2.1 CVE-2016-7907
MLIST
MLIST
MLIST
qemu — qemu The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. 2016-10-05 2.1 CVE-2016-7908
CONFIRM
MLIST
MLIST
MLIST
redhat — jboss_bpm_suite Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging permission to create business processes. 2016-10-03 3.5 CVE-2016-5398
REDHAT
REDHAT
BID
CONFIRM
redhat — enterprise_virtualization The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files. 2016-10-03 2.1 CVE-2016-5432
REDHAT
CONFIRM
CONFIRM
sophos — unified_threat_management_software The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the “value” field of the SMTP user settings in the notifications configuration tab. 2016-10-03 2.1 CVE-2016-7397
BUGTRAQ
MISC
sophos — unified_threat_management_software The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the “value” field of the proxy user settings in “system settings / scan settings / anti spam” configuration tab. 2016-10-03 2.1 CVE-2016-7442
BUGTRAQ
MISC

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — nx-os Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492. 2016-10-06 not yet calculated CVE-2015-0721
CISCO
cisco — nx-os Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171. 2016-10-05 not yet calculated CVE-2015-6392
CISCO
cisco — nx-os Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP UPDATE message, aka Bug IDs CSCuq77105 and CSCux11417. 2016-10-06 not yet calculated CVE-2016-1454
CISCO
citrix — license_server Citrix License Server for Windows before 11.14.0.1 and License Server VPX before 11.14.0.1 allow remote attackers to cause a denial of service (server crash) via unspecified vectors. 2016-10-07 not yet calculated CVE-2016-6273
CONFIRM
curl — curl_escape Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. 2016-10-07 not yet calculated CVE-2016-7167
BID
SECTRACK
SLACKWARE
CONFIRM
FEDORA
FEDORA
FEDORA
eclipse — jetty The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. 2016-10-07 not yet calculated CVE-2015-2080
MLIST
MLIST
FEDORA
MISC
FULLDISC
BUGTRAQ
BID
SECTRACK
MISC
CONFIRM
fedora_project — mirror_manager Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code 2016-10-07 not yet calculated CVE-2016-1000003
MISC
MISC
fedora_project — pagure Pagure 2.2.1 XSS in raw file endpoint 2016-10-07 not yet calculated CVE-2016-1000007
MISC
flask — flask_oxide flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect 2016-10-07 not yet calculated CVE-2016-1000001
MISC
fortinet — fortimanager Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. 2016-10-07 not yet calculated CVE-2015-7363
CONFIRM
gnu — c_library The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. 2016-10-07 not yet calculated CVE-2016-6323
SUSE
MLIST
FEDORA
FEDORA
FEDORA
CONFIRM
CONFIRM
libav — put_no_rnd_pixels8_xy2_mmx The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file. 2016-10-07 not yet calculated CVE-2016-7424
DEBIAN
MLIST
MLIST
MLIST
BID
MISC
CONFIRM
CONFIRM
openstack — cinder The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image. 2016-10-07 not yet calculated CVE-2015-5162
MLIST
CONFIRM
red_hat — cloudforms_management Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections. 2016-10-07 not yet calculated CVE-2016-7040
REDHAT
red_hat — linux_kernel The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. 2016-10-07 not yet calculated CVE-2016-3699
MLIST
BID
CONFIRM
MISC
tp_link — tplinklogin_and_tplinkextender TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are 2016-10-06 not yet calculated CVE-2016-1000009
BUGTRAQ
MISC
MISC
wordpress — google-adsense-and-hotel-booking Open proxy in WordPress plugin google-adsense-and-hotel-booking v1.05 2016-10-06 not yet calculated CVE-2015-1000009
MISC
MISC
wordpress — mp3-jplayer Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 2016-10-06 not yet calculated CVE-2015-1000008
MISC
MISC
wordpress — open_proxy Open Proxy in filedownload v1.4 wordpress plugin 2016-10-06 not yet calculated CVE-2015-1000003
MISC
MISC
wordpress — open_proxy Open Proxy in filedownload v1.4 wordpress plugin 2016-10-06 not yet calculated CVE-2015-1000002
MISC
MISC
wordpress — open_proxy Open Proxy in filedownload v1.4 wordpress plugin 2016-10-06 not yet calculated CVE-2015-1000004
MISC
MISC
xen — cro_ts Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. 2016-10-07 not yet calculated CVE-2016-7777
BID
SECTRACK
CONFIRM


VMware Releases Security Updates

Original release date: October 07, 2016

VMware has released security updates to address a vulnerability in Horizon View. Exploitation of this vulnerability could allow a remote attacker to obtain sensitive information.

Users and administrators are encouraged to review VMware Security Advisory VMSA-2016-0015 and apply the necessary updates.


Cisco Releases Security Updates

Original release date: October 05, 2016

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
 
US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

  • Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability [cisco-sa-20161005-nxaaa]
  • Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability [cisco-sa-20161005-otv]
  • Cisco NX-OS Border Gateway Protocol Denial of Service Vulnerability [cisco-sa-20161005-bgp]
  • Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability [cisco-sa-20161005-dhcp1]
  • Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability [cisco-sa-20161005-dhcp2]

National Cyber Security Awareness Month

Original release date: October 05, 2016

October is National Cyber Security Awareness Month, which is an annual campaign to raise awareness about cybersecurity. In partnership with DHS, the National Cyber Security Alliance (NCSA) has released the first in a series of tips focused on helping people protect their online activities and increasing cybersecurity awareness. This tip describes how users can protect their online accounts using strong authentication techniques, including the use of biometrics or a security key.

Users and administrators are encouraged to review the Stop.Think.Connect. tip Lock Down Your Login and the US-CERT Security Tip Choosing and Protecting Passwords for additional information.


SB16-277: Vulnerability Summary for the Week of September 26, 2016

Original release date: October 03, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — digital_editions Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263. 2016-09-26 10.0 CVE-2016-6980
BID
CONFIRM
apple — apple_tv libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. 2016-09-25 10.0 CVE-2016-4658
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — mac_os_x The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application’s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an “httpoxy” issue, a related issue to CVE-2016-5387. 2016-09-25 7.5 CVE-2016-4694
APPLE
APPLE
CONFIRM
CONFIRM
apple — mac_os_x AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. 2016-09-25 9.3 CVE-2016-4696
APPLE
CONFIRM
apple — mac_os_x Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-09-25 9.3 CVE-2016-4697
APPLE
CONFIRM
apple — iphone_os AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app. 2016-09-25 9.3 CVE-2016-4698
APPLE
APPLE
CONFIRM
CONFIRM
apple — mac_os_x AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700. 2016-09-25 9.3 CVE-2016-4699
APPLE
CONFIRM
apple — mac_os_x AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699. 2016-09-25 9.3 CVE-2016-4700
APPLE
CONFIRM
apple — apple_tv Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 2016-09-25 10.0 CVE-2016-4702
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — mac_os_x Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-09-25 9.3 CVE-2016-4703
APPLE
CONFIRM
apple — mac_os_x WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage “type confusion,” a different vulnerability than CVE-2016-4710. 2016-09-25 7.2 CVE-2016-4709
APPLE
CONFIRM
apple — mac_os_x WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage “type confusion,” a different vulnerability than CVE-2016-4709. 2016-09-25 7.2 CVE-2016-4710
APPLE
CONFIRM
apple — apple_tv CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. 2016-09-25 9.3 CVE-2016-4712
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — mac_os_x diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors. 2016-09-25 7.2 CVE-2016-4716
APPLE
CONFIRM
apple — mac_os_x Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-09-25 9.3 CVE-2016-4723
APPLE
CONFIRM
apple — iphone_os IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. 2016-09-25 9.3 CVE-2016-4724
APPLE
APPLE
CONFIRM
CONFIRM
apple — apple_tv IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-09-25 9.3 CVE-2016-4726
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — mac_os_x IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-09-25 9.3 CVE-2016-4727
APPLE
CONFIRM
apple — safari WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731. 2016-09-25 9.3 CVE-2016-4729
APPLE
APPLE
CONFIRM
CONFIRM
apple — safari WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735. 2016-09-25 9.3 CVE-2016-4730
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple — safari WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729. 2016-09-25 9.3 CVE-2016-4731
APPLE
APPLE
CONFIRM
CONFIRM
apple — safari WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735. 2016-09-25 9.3 CVE-2016-4733
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple — safari WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735. 2016-09-25 9.3 CVE-2016-4734
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple — safari WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734. 2016-09-25 9.3 CVE-2016-4735
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple — mac_os_x libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file. 2016-09-25 9.3 CVE-2016-4736
APPLE
CONFIRM
apple — safari WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. 2016-09-25 9.3 CVE-2016-4737
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. 2016-09-25 9.3 CVE-2016-4738
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — iphone_os S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-09-25 9.3 CVE-2016-4750
APPLE
APPLE
CONFIRM
CONFIRM
apple — apple_tv Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app. 2016-09-25 9.3 CVE-2016-4753
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. 2016-09-25 7.2 CVE-2016-4775
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app. 2016-09-25 9.3 CVE-2016-4777
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-09-25 9.3 CVE-2016-4778
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
aternity — aternity The web server in Aternity 9 and earlier does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans. 2016-09-29 9.3 CVE-2016-5062
CERT-VN
citrix — linux_virtual_delivery_agent Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors. 2016-09-26 7.2 CVE-2016-6276
CONFIRM
BID
dexis — imaging_suite DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session. 2016-09-24 10.0 CVE-2016-6532
CERT-VN
hp — network_automation HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. 2016-09-29 7.5 CVE-2016-4385
CONFIRM
huawei — anyoffice_secureapp Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment. 2016-09-26 7.1 CVE-2016-6826
CONFIRM
huawei — honor6_firmware The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application. 2016-09-26 7.1 CVE-2016-8279
CONFIRM
iperf_project — iperf The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow. 2016-09-26 7.5 CVE-2016-4303
MISC
SUSE
SUSE
CONFIRM
MISC
CONFIRM
CONFIRM
isc — bind buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. 2016-09-28 7.8 CVE-2016-2776
CONFIRM
libgd — libgd Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls. 2016-09-28 7.5 CVE-2016-7568
CONFIRM
CONFIRM
CONFIRM
CONFIRM
moxa — active_opc_server Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. 2016-09-24 7.2 CVE-2016-5793
MISC
opendental — opendental ** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the “vulnerability note … is factually false … there is indeed a default blank password, but it can be changed … We recommend that users change it, each customer receives direction.” 2016-09-24 7.5 CVE-2016-6531
CERT-VN
MISC
openssl — openssl Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. 2016-09-26 7.8 CVE-2016-6304
CONFIRM
CONFIRM
openssl — openssl statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. 2016-09-26 7.1 CVE-2016-6308
CONFIRM
CONFIRM
openssl — openssl statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. 2016-09-26 10.0 CVE-2016-6309
CONFIRM
CONFIRM
openstack — mitaka-murano OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages. 2016-09-26 7.5 CVE-2016-4972
MLIST
CONFIRM
CONFIRM
powerdns — authoritative_server PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response. 2016-09-26 7.1 CVE-2016-6172
SUSE
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
MLIST
redhat — jboss_operations_network The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737. 2016-09-27 9.0 CVE-2016-6330
BID
CONFIRM
sap — trex An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591. 2016-09-27 10.0 CVE-2016-6137
MISC
MISC
FULLDISC
FULLDISC


Medium Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
apache — activemq_artemis The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath. 2016-09-27 6.0 CVE-2016-4978
MLIST
BID
MISC
apple — safari WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735. 2016-09-25 6.8 CVE-2016-4611
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple — safari Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka “Universal XSS (UXSS).” 2016-09-25 4.3 CVE-2016-4618
APPLE
APPLE
CONFIRM
CONFIRM
apple — mac_os_x cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors. 2016-09-25 4.9 CVE-2016-4706
APPLE
CONFIRM
apple — apple_tv CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response. 2016-09-25 4.3 CVE-2016-4708
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — iphone_os CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output. 2016-09-25 5.0 CVE-2016-4711
APPLE
APPLE
CONFIRM
CONFIRM
apple — mac_os_x CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users’ screens by leveraging screen-sharing access. 2016-09-25 4.3 CVE-2016-4713
APPLE
CONFIRM
apple — mac_os_x The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user’s location via a crafted app. 2016-09-25 4.3 CVE-2016-4715
APPLE
CONFIRM
apple — mac_os_x The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app. 2016-09-25 5.0 CVE-2016-4717
APPLE
CONFIRM
apple — apple_tv Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file. 2016-09-25 4.3 CVE-2016-4718
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — iphone_os The IDS – Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and obtain sensitive information via unspecified vectors. 2016-09-25 4.3 CVE-2016-4722
APPLE
APPLE
CONFIRM
CONFIRM
apple — apple_tv IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site. 2016-09-25 5.8 CVE-2016-4725
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — itunes WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site. 2016-09-25 6.8 CVE-2016-4728
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — mac_os_x mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface. 2016-09-25 4.3 CVE-2016-4739
APPLE
CONFIRM
apple — mac_os_x NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. 2016-09-25 4.3 CVE-2016-4742
APPLE
CONFIRM
apple — mac_os_x The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack. 2016-09-25 5.0 CVE-2016-4745
APPLE
CONFIRM
apple — mac_os_x Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. 2016-09-25 4.6 CVE-2016-4748
APPLE
CONFIRM
apple — safari The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site. 2016-09-25 4.3 CVE-2016-4751
APPLE
CONFIRM
apple — mac_os_x The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation. 2016-09-25 4.3 CVE-2016-4752
APPLE
CONFIRM
apple — os_x_server ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. 2016-09-25 5.0 CVE-2016-4754
APPLE
CONFIRM
apple — itunes WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. 2016-09-25 4.3 CVE-2016-4758
APPLE
APPLE
APPLE
MISC
CONFIRM
CONFIRM
CONFIRM
apple — itunes WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768. 2016-09-25 6.8 CVE-2016-4759
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — itunes WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. 2016-09-25 4.3 CVE-2016-4760
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple — icloud WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. 2016-09-25 6.8 CVE-2016-4762
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — itunes WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2016-09-25 4.9 CVE-2016-4763
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple — itunes WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768. 2016-09-25 6.8 CVE-2016-4765
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — itunes WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768. 2016-09-25 6.8 CVE-2016-4766
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — itunes WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768. 2016-09-25 6.8 CVE-2016-4767
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — itunes WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767. 2016-09-25 6.8 CVE-2016-4768
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — itunes WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2016-09-25 6.8 CVE-2016-4769
APPLE
APPLE
CONFIRM
CONFIRM
apple — iphone_os The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname. 2016-09-25 4.3 CVE-2016-4771
APPLE
APPLE
CONFIRM
CONFIRM
apple — apple_tv The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors. 2016-09-25 5.0 CVE-2016-4772
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776. 2016-09-25 5.8 CVE-2016-4773
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776. 2016-09-25 5.8 CVE-2016-4774
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774. 2016-09-25 4.3 CVE-2016-4776
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — mac_os_x Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. 2016-09-25 6.8 CVE-2016-4779
APPLE
CONFIRM
aternity — aternity Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity 9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) getExternalURL, or (4) retrieveTrustedUrl page. 2016-09-29 4.3 CVE-2016-5061
CERT-VN
cisco — prime_home Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814. 2016-09-23 4.3 CVE-2016-6408
CISCO
cisco — ios The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traffic, aka Bug ID CSCuy54015. 2016-09-23 4.3 CVE-2016-6409
CISCO
cisco — ios The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856. 2016-09-23 6.8 CVE-2016-6410
CISCO
cisco — firesight_system_software Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585. 2016-09-23 5.0 CVE-2016-6411
CISCO
cisco — ios The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773. 2016-09-23 4.3 CVE-2016-6412
CISCO
cisco — application_policy_infrastructure_controller The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496. 2016-09-23 6.8 CVE-2016-6413
CISCO
emc — rsa_identity_management_and_governance EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL. 2016-09-24 4.0 CVE-2016-0918
BUGTRAQ
gnu — wget Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. 2016-09-26 6.8 CVE-2016-7098
MLIST
MLIST
SUSE
MLIST
gnu — gnutls The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. 2016-09-27 5.0 CVE-2016-7444
CONFIRM
MLIST
CONFIRM
google — chrome_os Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2016-09-25 6.8 CVE-2016-5169
CONFIRM
CONFIRM
google — chrome WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls. 2016-09-25 6.8 CVE-2016-5170
CONFIRM
CONFIRM
CONFIRM
google — chrome WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code. 2016-09-25 6.8 CVE-2016-5171
CONFIRM
CONFIRM
CONFIRM
google — chrome The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code. 2016-09-25 4.3 CVE-2016-5172
CONFIRM
CONFIRM
CONFIRM
google — chrome The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack. 2016-09-25 6.8 CVE-2016-5173
CONFIRM
CONFIRM
MISC
MISC
CONFIRM
google — chrome browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site. 2016-09-25 4.3 CVE-2016-5174
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2016-09-25 6.8 CVE-2016-5175
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. 2016-09-29 4.3 CVE-2016-5176
CONFIRM
CONFIRM
google — chrome Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message. 2016-09-25 6.8 CVE-2016-7549
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
hp — network_automation HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors. 2016-09-29 6.9 CVE-2016-4386
CONFIRM
huawei — s12700_firmware Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malformed packets. 2016-09-26 5.0 CVE-2016-6518
CONFIRM
BID
huawei — fusioncompute Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors. 2016-09-26 4.0 CVE-2016-6827
CONFIRM
BID
huawei — oceanstor_ism Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors. 2016-09-26 4.3 CVE-2016-6840
MISC
CONFIRM
BID
huawei — ar_firmware Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands. 2016-09-26 6.8 CVE-2016-6901
CONFIRM
BID
ibm — security_guardium IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors. 2016-09-26 4.3 CVE-2016-0248
CONFIRM
ibm — connections IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack. 2016-09-26 4.0 CVE-2016-2999
AIXAPAR
CONFIRM
ibm — connections The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL. 2016-09-26 4.0 CVE-2016-3000
AIXAPAR
CONFIRM
ibm — connections Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users. 2016-09-26 6.8 CVE-2016-3007
AIXAPAR
CONFIRM
ibm — security_privileged_identity_manager_virtual_appliance IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2016-09-26 4.9 CVE-2016-3040
CONFIRM
ibm — spectrum_control IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors. 2016-09-26 5.5 CVE-2016-5943
AIXAPAR
CONFIRM
ibm — spectrum_control IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request. 2016-09-26 4.0 CVE-2016-5945
AIXAPAR
CONFIRM
ibm — spectrum_control Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. 2016-09-26 4.0 CVE-2016-5946
AIXAPAR
CONFIRM
ibm — security_privileged_identity_manager_virtual_appliance IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm. 2016-09-26 5.0 CVE-2016-5957
CONFIRM
ibm — security_privileged_identity_manager_virtual_appliance IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors. 2016-09-26 6.5 CVE-2016-5963
CONFIRM
ibm — security_privileged_identity_manager_virtual_appliance Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. 2016-09-26 4.0 CVE-2016-5970
CONFIRM
ibm — security_privileged_identity_manager_virtual_appliance IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2016-09-26 5.5 CVE-2016-5971
CONFIRM
ibm — security_privileged_identity_manager_virtual_appliance IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. 2016-09-26 4.9 CVE-2016-5972
CONFIRM
ibm — tealeaf_customer_experience Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2016-09-26 4.9 CVE-2016-5977
CONFIRM
ibm — tealeaf_customer_experience The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length restrictions, which makes it easier for remote attackers to obtain access via a brute-force attack. 2016-09-26 5.0 CVE-2016-5996
CONFIRM
ibm — tealeaf_customer_experience The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack. 2016-09-26 4.0 CVE-2016-5997
CONFIRM
ibm — aix Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL. 2016-09-26 4.0 CVE-2016-6038
CONFIRM
inspire_ircd — inspircd The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message. 2016-09-26 4.3 CVE-2016-7142
DEBIAN
CONFIRM
MLIST
MLIST
CONFIRM
iodata — hvl-a2.0_firmware Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content. 2016-09-24 6.8 CVE-2016-4845
JVN
JVNDB
CONFIRM
miscellaneous
irssi — irssi The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code. 2016-09-27 5.0 CVE-2016-7044
DEBIAN
UBUNTU
CONFIRM
irssi — irssi The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string. 2016-09-27 5.0 CVE-2016-7045
DEBIAN
UBUNTU
CONFIRM
microsoft — azure_active_directory_passport The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token. 2016-09-28 4.3 CVE-2016-7191
BID
CONFIRM
MSKB
openssl — openssl The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. 2016-09-26 5.0 CVE-2016-6305
CONFIRM
CONFIRM
CONFIRM
openssl — openssl The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. 2016-09-26 4.3 CVE-2016-6306
CONFIRM
CONFIRM
openssl — openssl The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. 2016-09-26 4.3 CVE-2016-6307
CONFIRM
CONFIRM
openssl — openssl crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. 2016-09-26 5.0 CVE-2016-7052
BID
CONFIRM
CONFIRM
openstack — compute_(nova) OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression. 2016-09-27 6.8 CVE-2016-7498
MLIST
MLIST
BID
CONFIRM
oracle — linux Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors. 2016-09-30 4.6 CVE-2016-0617
CONFIRM
paolo_bacchilega — file_roller The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. 2016-09-26 5.0 CVE-2016-7162
CONFIRM
CONFIRM
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
pivotal_software — cloud_foundry The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain. 2016-09-29 5.0 CVE-2016-6636
CONFIRM
pivotal_software — cloud_foundry Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page. 2016-09-29 6.8 CVE-2016-6637
CONFIRM
pivotal_software — cloud_foundry The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token. 2016-09-29 6.5 CVE-2016-6651
CONFIRM
redhat — jboss_enterprise_web_server mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element. 2016-09-26 5.0 CVE-2016-3110
REDHAT
REDHAT
REDHAT
BID
CONFIRM
redhat — jboss_enterprise_application_platform CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. 2016-09-26 4.3 CVE-2016-4993
REDHAT
REDHAT
REDHAT
REDHAT
SECTRACK
CONFIRM
redhat — jboss_enterprise_application_platform The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves. 2016-09-26 6.5 CVE-2016-5406
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
sap — hana_db SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128. 2016-09-26 5.0 CVE-2016-3639
MISC
MISC
FULLDISC
BID
sap — hana SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459. 2016-09-26 5.0 CVE-2016-6142
MISC
MISC
FULLDISC
BID
sap — trex The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226. 2016-09-27 5.0 CVE-2016-6146
MISC
MISC
MISC
FULLDISC
MISC
siemens — scalance_m-800_firmware The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. 2016-09-29 4.3 CVE-2016-7090
CONFIRM
MISC
sqlite — sqlite os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. 2016-09-26 4.6 CVE-2016-6153
SUSE
MLIST
MLIST
BID
CONFIRM
FEDORA
MISC
CONFIRM


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
alienvault — open_source_security_information_and_event_management Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php. 2016-09-26 3.5 CVE-2016-6913
FULLDISC
BID
CONFIRM
apache — ranger Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies. 2016-09-26 3.5 CVE-2016-5395
BID
CONFIRM
apple — mac_os_x Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable. 2016-09-25 2.1 CVE-2016-4701
APPLE
CONFIRM
apple — iphone_os CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. 2016-09-25 2.1 CVE-2016-4707
APPLE
APPLE
CONFIRM
CONFIRM
apple — mac_os_x Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors. 2016-09-25 2.1 CVE-2016-4755
APPLE
CONFIRM
emc — vipr_srm Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2016-09-29 3.5 CVE-2016-6647
BUGTRAQ
huawei — policy_center Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to “special characters on pages.” 2016-09-27 3.5 CVE-2016-4058
CONFIRM
ibm — websphere_mq IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights. 2016-09-26 3.5 CVE-2016-0379
CONFIRM
ibm — connections Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3003 and CVE-2016-3006. 2016-09-26 3.5 CVE-2016-3001
AIXAPAR
CONFIRM
ibm — connections Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3006. 2016-09-26 3.5 CVE-2016-3003
AIXAPAR
CONFIRM
ibm — connections Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003. 2016-09-26 3.5 CVE-2016-3006
AIXAPAR
CONFIRM
ibm — spectrum_control Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. 2016-09-26 3.5 CVE-2016-5944
AIXAPAR
CONFIRM
ibm — spectrum_control IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. 2016-09-26 3.5 CVE-2016-5947
AIXAPAR
CONFIRM
ibm — security_privileged_identity_manager_virtual_appliance Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. 2016-09-26 3.5 CVE-2016-5974
CONFIRM
ibm — tealeaf_customer_experience Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5978. 2016-09-26 3.5 CVE-2016-5975
CONFIRM
ibm — tealeaf_customer_experience The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors. 2016-09-26 2.6 CVE-2016-5976
CONFIRM
ibm — tealeaf_customer_experience Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5975. 2016-09-26 3.5 CVE-2016-5978
CONFIRM
opensuse — libstorage libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf. 2016-09-26 1.2 CVE-2016-5746
SUSE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ibm — db2 Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program. 2016-09-30 not yet calculated CVE-2016-5995
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
CONFIRM
ibm — websphere_application_server Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients. 2016-09-30 not yet calculated CVE-2016-3042
AIXAPAR
CONFIRM
ibm — websphere_appliction_server IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors. 2016-09-30 not yet calculated CVE-2016-5986
AIXAPAR
CONFIRM
