Original release date: May 09, 2016
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| canonical — ubuntu_core | The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. | 2016-05-02 | 7.2 | CVE-2016-1575 CONFIRM MLIST MISC CONFIRM MISC |
| canonical — ubuntu_core | The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. | 2016-05-02 | 7.2 | CVE-2016-1576 MISC MISC CONFIRM MLIST MISC CONFIRM MISC |
| cisco — telepresence_tc_software | The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935. | 2016-05-05 | 9.0 | CVE-2016-1387 CISCO |
| imagemagick — imagemagick | The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka “ImageTragick.” | 2016-05-05 | 10.0 | CVE-2016-3714 CERT-VN CONFIRM CONFIRM CONFIRM MISC CONFIRM CONFIRM SECTRACK MLIST MLIST |
| imagemagick — imagemagick | The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | 2016-05-05 | 7.1 | CVE-2016-3717 CONFIRM CONFIRM CONFIRM MLIST |
| linux — linux_kernel | The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787. | 2016-05-02 | 7.8 | CVE-2003-1604 CONFIRM MLIST MLIST |
| linux — linux_kernel | The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages. | 2016-05-02 | 7.2 | CVE-2012-6689 CONFIRM CONFIRM MLIST CONFIRM MLIST MLIST CONFIRM |
| linux — linux_kernel | Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. | 2016-05-02 | 7.2 | CVE-2012-6701 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. | 2016-05-02 | 7.2 | CVE-2015-2686 CONFIRM CONFIRM MLIST CONFIRM MISC CONFIRM |
| linux — linux_kernel | The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call. | 2016-05-02 | 7.2 | CVE-2015-8019 CONFIRM MLIST MISC |
| linux — linux_kernel | Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression. | 2016-05-02 | 7.2 | CVE-2015-8830 CONFIRM CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. | 2016-05-02 | 7.1 | CVE-2016-2053 CONFIRM CONFIRM MLIST CONFIRM |
| linux — linux_kernel | The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic. | 2016-05-02 | 7.8 | CVE-2016-2070 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2016-04-30 | 10.0 | CVE-2016-2804 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla — firefox_esr | Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2016-04-30 | 10.0 | CVE-2016-2805 CONFIRM CONFIRM |
| mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2016-04-30 | 10.0 | CVE-2016-2806 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2016-04-30 | 10.0 | CVE-2016-2807 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| openssh — openbsd | The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. | 2016-04-30 | 7.2 | CVE-2015-8325 CONFIRM CONFIRM CONFIRM CONFIRM |
| openssl — openssl | The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the “negative zero” issue. | 2016-05-04 | 10.0 | CVE-2016-2108 CONFIRM CONFIRM CONFIRM |
| openssl — openssl | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. | 2016-05-04 | 7.8 | CVE-2016-2109 CONFIRM CONFIRM |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — subversion | The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. | 2016-05-05 | 4.9 | CVE-2016-2167 SECTRACK DEBIAN CONFIRM MLIST MLIST |
| cisco — information_server | The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059. | 2016-04-30 | 6.4 | CVE-2016-1343 CISCO |
| cisco — prime_collaboration_assurance | Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121. | 2016-05-05 | 5.8 | CVE-2016-1392 CISCO |
| emc — rsa_data_loss_prevention | Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-05-03 | 4.3 | CVE-2016-0892 BUGTRAQ |
| emc — rsa_data_loss_prevention | EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. | 2016-05-03 | 4.0 | CVE-2016-0893 BUGTRAQ |
| emc — rsa_data_loss_prevention | EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. | 2016-05-03 | 6.5 | CVE-2016-0894 BUGTRAQ |
| emc — rsa_data_loss_prevention | EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. | 2016-05-03 | 4.3 | CVE-2016-0895 BUGTRAQ |
| imagemagick — imagemagick | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | 2016-05-05 | 5.8 | CVE-2016-3715 CONFIRM CONFIRM CONFIRM MLIST |
| linux — linux_kernel | The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory. | 2016-05-02 | 4.9 | CVE-2011-5321 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability. | 2016-05-02 | 4.9 | CVE-2015-1573 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand. | 2016-05-02 | 4.9 | CVE-2015-2672 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call. | 2016-05-02 | 4.9 | CVE-2015-4177 CONFIRM CONFIRM MLIST CONFIRM MLIST MLIST CONFIRM |
| linux — linux_kernel | The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h. | 2016-05-02 | 4.9 | CVE-2015-4178 CONFIRM MLIST CONFIRM MLIST CONFIRM MLIST CONFIRM |
| linux — linux_kernel | The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function. | 2016-05-02 | 4.9 | CVE-2015-8324 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic. | 2016-05-02 | 5.0 | CVE-2015-8746 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. | 2016-05-02 | 5.0 | CVE-2016-2117 CONFIRM CONFIRM MLIST CONFIRM |
| linux — linux_kernel | The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | 2016-05-02 | 4.9 | CVE-2016-2185 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM BUGTRAQ BUGTRAQ CONFIRM |
| linux — linux_kernel | The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | 2016-05-02 | 4.9 | CVE-2016-2186 CONFIRM CONFIRM CONFIRM BUGTRAQ BUGTRAQ CONFIRM |
| linux — linux_kernel | The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | 2016-05-02 | 4.9 | CVE-2016-2187 CONFIRM CONFIRM CONFIRM |
| linux — linux_kernel | The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | 2016-05-02 | 4.9 | CVE-2016-2188 CONFIRM CONFIRM CONFIRM BUGTRAQ BUGTRAQ CONFIRM |
| linux — linux_kernel | The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. | 2016-05-02 | 4.4 | CVE-2016-2853 MLIST MLIST MISC |
| linux — linux_kernel | The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. | 2016-05-02 | 4.6 | CVE-2016-2854 MLIST MLIST MISC |
| linux — linux_kernel | The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. | 2016-05-02 | 4.9 | CVE-2016-3136 CONFIRM CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. | 2016-05-02 | 4.9 | CVE-2016-3137 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. | 2016-05-02 | 4.9 | CVE-2016-3138 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | 2016-05-02 | 4.9 | CVE-2016-3140 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. | 2016-05-02 | 4.9 | CVE-2016-3689 CONFIRM CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. | 2016-05-02 | 4.9 | CVE-2016-3951 MLIST CONFIRM CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| lockon — ec_cube | The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200. | 2016-04-30 | 5.0 | CVE-2016-1199 CONFIRM CONFIRM JVNDB JVN |
| lockon — ec_cube | The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199. | 2016-04-30 | 6.5 | CVE-2016-1200 CONFIRM CONFIRM JVNDB JVN |
| lockon — ec_cube | Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators. | 2016-04-30 | 6.8 | CVE-2016-1201 CONFIRM CONFIRM JVNDB JVN |
| mozilla — firefox | The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site. | 2016-04-30 | 5.1 | CVE-2016-2808 CONFIRM CONFIRM |
| mozilla — firefox | The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution. | 2016-04-30 | 5.8 | CVE-2016-2809 CONFIRM CONFIRM |
| mozilla — firefox | Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password. | 2016-04-30 | 4.3 | CVE-2016-2810 CONFIRM CONFIRM |
| mozilla — firefox | Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method. | 2016-04-30 | 6.8 | CVE-2016-2811 CONFIRM CONFIRM |
| mozilla — firefox | Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site. | 2016-04-30 | 5.1 | CVE-2016-2812 CONFIRM CONFIRM |
| mozilla — firefox | Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device’s physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780. | 2016-04-30 | 4.3 | CVE-2016-2813 CONFIRM CONFIRM MISC |
| mozilla — firefox | Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table. | 2016-04-30 | 6.8 | CVE-2016-2814 CONFIRM CONFIRM |
| mozilla — firefox | Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. | 2016-04-30 | 4.3 | CVE-2016-2816 CONFIRM CONFIRM |
| mozilla — firefox | The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL. | 2016-04-30 | 4.3 | CVE-2016-2817 CONFIRM CONFIRM |
| mozilla — firefox | The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. | 2016-04-30 | 4.3 | CVE-2016-2820 CONFIRM CONFIRM |
| openssl — openssl | crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms. | 2016-05-04 | 5.0 | CVE-2000-1254 CONFIRM MLIST MLIST |
| openssl — openssl | Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | 2016-05-04 | 5.0 | CVE-2016-2105 CONFIRM CONFIRM |
| openssl — openssl | Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. | 2016-05-04 | 5.0 | CVE-2016-2106 CONFIRM CONFIRM |
| openssl — openssl | The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. | 2016-05-04 | 6.4 | CVE-2016-2176 CONFIRM CONFIRM |
| wireshark — wireshark | wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file. | 2016-04-30 | 4.3 | CVE-2016-4415 CONFIRM MISC CONFIRM |
| wireshark — wireshark | epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. | 2016-04-30 | 4.3 | CVE-2016-4416 CONFIRM CONFIRM |
| wireshark — wireshark | Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value. | 2016-04-30 | 4.3 | CVE-2016-4417 CONFIRM CONFIRM |
| wireshark — wireshark | epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. | 2016-04-30 | 4.3 | CVE-2016-4418 CONFIRM CONFIRM |
| wireshark — wireshark | epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. | 2016-04-30 | 4.3 | CVE-2016-4419 CONFIRM CONFIRM |
| wireshark — wireshark | The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2016-04-30 | 4.3 | CVE-2016-4420 CONFIRM |
| wireshark — wireshark | epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. | 2016-04-30 | 4.3 | CVE-2016-4421 CONFIRM CONFIRM |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| linux — linux_kernel | mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length. | 2016-05-02 | 2.1 | CVE-2008-7316 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace. | 2016-05-02 | 3.6 | CVE-2014-9717 MLIST CONFIRM CONFIRM MLIST MLIST CONFIRM CONFIRM |
| linux — linux_kernel | The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. | 2016-05-02 | 2.1 | CVE-2015-1350 CONFIRM MISC MLIST MLIST |
| linux — linux_kernel | fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory. | 2016-05-02 | 2.1 | CVE-2015-4176 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user’s file after unsynchronized hole punching and page-fault handling. | 2016-05-02 | 1.9 | CVE-2015-8839 CONFIRM CONFIRM MLIST CONFIRM |
| openssl — openssl | The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session, NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. | 2016-05-04 | 2.6 | CVE-2016-2107 CONFIRM CONFIRM |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| accellion — file_transfer_appliance | Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html. | 2016-05-07 | not yet calculated | CVE-2016-2350 CERT-VN MISC |
| accellion — file_transfer_appliance | SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter. | 2016-05-07 | not yet calculated | CVE-2016-2351 CERT-VN MISC |
| accellion — file_transfer_appliance | The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors. | 2016-05-07 | not yet calculated | CVE-2016-2353 CERT-VN MISC |
| accellion — file_transfer_appliance | The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role. | 2016-05-07 | not yet calculated | CVE-2016-2352 CERT-VN MISC |
| adobe — reader_and_acrobat | Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary. | 2016-04-30 | not yet calculated | CVE-2016-1111 CONFIRM MISC |
| apache — subversion | The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. | 2016-05-05 | not yet calculated | CVE-2016-2168 SECTRACK DEBIAN CONFIRM MLIST MLIST |
| cisco — asa_with_firepower | The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and inspection outage or module outage) via a flood of crafted IP traffic, aka Bug ID CSCux19922. | 2016-05-05 | not yet calculated | CVE-2016-1369 CISCO |
| cisco — finesse | The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623. | 2016-05-05 | not yet calculated | CVE-2016-1373 CISCO |
| cisco — firepower_system | Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214. | 2016-05-05 | not yet calculated | CVE-2016-1368 CISCO |
| cool_projects — tardiff | Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory. | 2016-05-06 | not yet calculated | CVE-2015-0858 CONFIRM DEBIAN |
| cool_projects — tardiff | Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. | 2016-05-06 | not yet calculated | CVE-2015-0857 CONFIRM CONFIRM DEBIAN |
| emc — rsa_authentication_manager | CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 2016-05-07 | not yet calculated | CVE-2016-0902 BUGTRAQ |
| emc — rsa_authentication_manager | Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901. | 2016-05-07 | not yet calculated | CVE-2016-0900 BUGTRAQ |
| emc –rsa_authentication_manager | Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900. | 2016-05-07 | not yet calculated | CVE-2016-0901 BUGTRAQ |
| gnu — libtasn1 | The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. | 2016-05-05 | not yet calculated | CVE-2016-4008 MLIST UBUNTU UBUNTU MLIST FEDORA FEDORA FEDORA CONFIRM CONFIRM |
| hpe — network_node_manager | Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010. | 2016-05-07 | not yet calculated | CVE-2016-2011 HP |
| hpe — network_node_manager | Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011. | 2016-05-07 | not yet calculated | CVE-2016-2010 HP |
| hpe — network_node_manager | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors. | 2016-05-07 | not yet calculated | CVE-2016-2012 HP |
| hpe — network_node_manager | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 2016-05-07 | not yet calculated | CVE-2016-2009 HP |
| hpe — network_node_manager | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | 2016-05-07 | not yet calculated | CVE-2016-2014 HP |
| hpe — network_node_manager | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2016-05-07 | not yet calculated | CVE-2016-2013 HP |
| imagemagick — imagemagick | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | 2016-05-05 | not yet calculated | CVE-2016-3718 CONFIRM CONFIRM MLIST CONFIRM |
| imagemagick — imagemagick | The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. | 2016-05-05 | not yet calculated | CVE-2016-3716 CONFIRM CONFIRM MLIST CONFIRM |
| jq — jv | The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. | 2016-05-06 | not yet calculated | CVE-2016-4074 MISC MLIST MLIST |
| jq — jv_parse.c | Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. | 2016-05-06 | not yet calculated | CVE-2015-8863 CONFIRM CONFIRM CONFIRM MLIST MLIST SUSE SUSE |
| libarchive — libarchive | Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. | 2016-05-07 | not yet calculated | CVE-2016-1541 CERT-VN CONFIRM CONFIRM |
| libpam_sshauth — pam_sshauth | The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account. | 2016-05-06 | not yet calculated | CVE-2016-4422 CONFIRM DEBIAN |
| linux — linux_kernel | Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread. | 2016-05-02 | not yet calculated | CVE-2015-4170 CONFIRM CONFIRM CONFIRM MLIST CONFIRM |
| linux — linux_kernel | The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call. | 2016-05-05 | not yet calculated | CVE-2016-2062 CONFIRM CONFIRM |
| linux — linux_kernel | The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls. | 2016-05-05 | not yet calculated | CVE-2016-2059 CONFIRM CONFIRM |
| linux — security_response | The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability. | 2016-05-06 | not yet calculated | CVE-2016-2094 CONFIRM REDHAT REDHAT REDHAT REDHAT REDHAT |
| little_cms_2 — liblcms2 | Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler. | 2016-05-07 | not yet calculated | CVE-2013-7455 CERT-VN MISC CONFIRM |
| mcafee — livesafe | Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable. | 2016-05-05 | not yet calculated | CVE-2016-4535 EXPLOIT-DB MISC MISC |
| mcafee — virusscan_enterprise | The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles. | 2016-05-05 | not yet calculated | CVE-2016-4534 EXPLOIT-DB MISC CONFIRM CONFIRM FULLDISC MISC |
| poppler — exponentialfunction | Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. | 2016-05-06 | not yet calculated | CVE-2015-8868 CONFIRM CONFIRM CONFIRM UBUNTU MLIST DEBIAN FEDORA FEDORA |
| trend_micro — email_encryption_gateway | SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2016-05-05 | not yet calculated | CVE-2016-4351 CONFIRM MISC |
| veritas — netbackup | bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input. | 2016-05-07 | not yet calculated | CVE-2015-6550 CONFIRM |
| veritas — netbackup | The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors. | 2016-05-07 | not yet calculated | CVE-2015-6552 CONFIRM |
| veritas — netbackup | Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets. | 2016-05-07 | not yet calculated | CVE-2015-6551 CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.