SB16-193: Vulnerability Summary for the Week of July 4, 2016

Original release date: July 11, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — commons_fileupload The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. 2016-07-04 7.8 CVE-2016-3092
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
JVNDB
JVN
apache — struts The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. 2016-07-04 7.5 CVE-2016-4438
CONFIRM
CONFIRM
JVNDB
JVN
apple — airport_base_station_firmware Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 2016-07-02 10.0 CVE-2015-7029
CONFIRM
APPLE
cisco — evolved_programmable_network_manager The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231. 2016-07-02 10.0 CVE-2016-1289
CISCO
cisco — epc3928_firmware goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a “Gateway Client List Denial of Service” issue, aka Bug ID CSCux24948. 2016-07-03 7.8 CVE-2016-1328
BUGTRAQ
MISC
cisco — epc3928_firmware goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a “Gateway HTTP Corruption Denial of Service” issue, aka Bug ID CSCuy28100. 2016-07-03 7.8 CVE-2016-1336
BUGTRAQ
MISC
cisco — firesight_system_software Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. 2016-07-02 7.5 CVE-2016-1394
CISCO
cisco — prime_collaboration_provisioning Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. 2016-07-02 10.0 CVE-2016-1416
CISCO
cisco — prime_infrastructure The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280. 2016-07-07 9.0 CVE-2016-1442
CISCO
eaton — elcsoft Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet. 2016-07-03 7.5 CVE-2016-4512
MISC
ibm — power_hardware_management_console IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors. 2016-07-07 7.2 CVE-2016-0230
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — urbancode_deploy The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server’s identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors. 2016-07-07 7.2 CVE-2016-0271
CONFIRM
ibm — watson_developer_cloud The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. 2016-07-02 7.5 CVE-2016-0391
CONFIRM
linux — linux_kernel The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet. 2016-07-03 10.0 CVE-2016-3955
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. 2016-07-03 7.2 CVE-2016-4997
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
meinberg — ims-lantime_m1000 Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request. 2016-07-03 7.5 CVE-2016-3962
MISC
meinberg — ims-lantime_m1000 Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request. 2016-07-03 7.5 CVE-2016-3988
MISC
meinberg — ims-lantime_m1000 The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root privileges for writing to unspecified scripts, and consequently obtain sensitive information or modify data, by leveraging access to the nobody account. 2016-07-03 8.5 CVE-2016-3989
MISC
microfocus — rumba Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client. 2016-07-02 10.0 CVE-2016-1606
MISC
MISC
CONFIRM
microfocus — rumba Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability. 2016-07-02 10.0 CVE-2016-5228
MISC
MISC
CONFIRM
openvswitch — openvswitch Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command. 2016-07-03 7.5 CVE-2016-2074
MLIST
CONFIRM
CONFIRM
MLIST
phpmyadmin — phpmyadmin SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. 2016-07-02 7.5 CVE-2016-5703
CONFIRM
CONFIRM
phpmyadmin — phpmyadmin phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation. 2016-07-02 7.5 CVE-2016-5734
CONFIRM
CONFIRM
CONFIRM

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — struts The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter. 2016-07-04 5.0 CVE-2015-0899
CONFIRM
JVNDB
JVN
apache — struts ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899. 2016-07-04 6.8 CVE-2016-1181
CONFIRM
CONFIRM
CONFIRM
JVNDB
JVN
apache — struts ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. 2016-07-04 6.4 CVE-2016-1182
CONFIRM
CONFIRM
CONFIRM
JVNDB
JVN
apache — http_server The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows. 2016-07-06 4.3 CVE-2016-1546
CONFIRM
CONFIRM
CONFIRM
apache — struts Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. 2016-07-04 6.8 CVE-2016-4430
CONFIRM
CONFIRM
JVNDB
JVN
apache — struts Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method. 2016-07-04 5.0 CVE-2016-4431
CONFIRM
CONFIRM
JVNDB
JVN
apache — struts Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request. 2016-07-04 5.0 CVE-2016-4433
CONFIRM
CONFIRM
JVNDB
JVN
apache — xerces-c++ Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. 2016-07-08 5.0 CVE-2016-4463
DEBIAN
CONFIRM
CONFIRM
CONFIRM
SECTRACK
BID
BUGTRAQ
MISC
apache — struts The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field. 2016-07-04 5.0 CVE-2016-4465
CONFIRM
CONFIRM
JVNDB
JVN
apache — http_server The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the “SSLVerifyClient require” directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation. 2016-07-06 5.0 CVE-2016-4979
CONFIRM
CONFIRM
MLIST
CONFIRM
cisco — epc3928_firmware Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a “Boot Information Disclosure” issue, aka Bug ID CSCux17178. 2016-07-03 4.3 CVE-2016-1337
BUGTRAQ
MISC
cisco — rv110w_firmware Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669. 2016-07-03 6.8 CVE-2016-1398
CISCO
cisco — evolved_programmable_network_manager Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488. 2016-07-02 6.5 CVE-2016-1408
CISCO
cisco — ios Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735. 2016-07-03 6.1 CVE-2016-1425
CISCO
cisco — web_security_appliance The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468. 2016-07-02 5.0 CVE-2016-1440
CISCO
cisco — cloud_network_automation_provisioner Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145. 2016-07-02 6.4 CVE-2016-1441
CISCO
cisco — amp_threat_grid_appliance The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample. 2016-07-07 6.8 CVE-2016-1443
CISCO
cisco — telepresence_video_communication_server The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. 2016-07-07 5.8 CVE-2016-1444
CISCO
eaton — elcsoft Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file. 2016-07-03 6.0 CVE-2016-4509
MISC
emc — avamar The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation. 2016-07-06 6.5 CVE-2016-0906
BUGTRAQ
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2016-07-03 6.8 CVE-2016-1704
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
ibm — jazz_reporting_service The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors. 2016-07-07 4.0 CVE-2016-0314
CONFIRM
ibm — jazz_reporting_service The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation. 2016-07-07 6.5 CVE-2016-0315
CONFIRM
ibm — websphere_application_server CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. 2016-07-03 4.3 CVE-2016-0359
CONFIRM
AIXAPAR
ibm — tririga_application_platform Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees. 2016-07-02 6.0 CVE-2016-0386
AIXAPAR
ibm — websphere_application_server Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. 2016-07-07 5.0 CVE-2016-0389
CONFIRM
AIXAPAR
ibm — cognos_analytics IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL. 2016-07-02 4.3 CVE-2016-0398
CONFIRM
ibm — websphere_extreme_scale CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. 2016-07-02 4.3 CVE-2016-0400
CONFIRM
AIXAPAR
AIXAPAR
ibm — websphere_extreme_scale IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. 2016-07-02 4.3 CVE-2016-2861
CONFIRM
AIXAPAR
AIXAPAR
ibm — websphere_commerce Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2016-07-03 4.3 CVE-2016-2862
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — websphere_commerce Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2016-07-03 6.0 CVE-2016-2863
CONFIRM
AIXAPAR
ibm — infosphere_streams IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors. 2016-07-02 6.9 CVE-2016-2867
CONFIRM
ibm — qradar_security_information_and_event_manager IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2016-07-02 4.0 CVE-2016-2868
CONFIRM
ibm — websphere_datapower_xc10_appliance_firmware Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors. 2016-07-02 5.0 CVE-2016-2870
CONFIRM
AIXAPAR
ibm — qradar_security_information_and_event_manager Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL. 2016-07-02 5.0 CVE-2016-2872
CONFIRM
ibm — tririga_application_platform IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses. 2016-07-02 4.0 CVE-2016-2882
CONFIRM
ibm — jazz_reporting_service Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350. 2016-07-07 4.3 CVE-2016-2888
CONFIRM
ibm — jazz_reporting_service Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users. 2016-07-07 6.8 CVE-2016-2889
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. 2016-07-07 5.0 CVE-2016-2923
CONFIRM
AIXAPAR
ibm — websphere_application_server The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document. 2016-07-07 6.0 CVE-2016-2945
CONFIRM
AIXAPAR
ibm — integration_bus The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace. 2016-07-02 5.0 CVE-2016-2961
CONFIRM
AIXAPAR
ibm — security_qradar_incident_forensics IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors. 2016-07-02 5.5 CVE-2016-2968
CONFIRM
ibm — sdk The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. 2016-07-02 5.0 CVE-2016-3956
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
isc — bind ISC BIND through 9.10.4-P1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. 2016-07-06 4.0 CVE-2016-6170
MLIST
MLIST
MLIST
MISC
CONFIRM
MLIST
libreoffice — libreoffice Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and supercript tokens. 2016-07-08 6.8 CVE-2016-4324
UBUNTU
MISC
SECTRACK
BID
CONFIRM
DEBIAN
linux — linux_kernel The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary. 2016-07-03 5.6 CVE-2016-4998
CONFIRM
CONFIRM
MLIST
CONFIRM
ntp — ntp ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. 2016-07-04 4.3 CVE-2016-4953
CERT-VN
CONFIRM
CONFIRM
CONFIRM
ntp — ntp The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. 2016-07-04 4.3 CVE-2016-4954
CERT-VN
CONFIRM
CONFIRM
CONFIRM
ntp — ntp ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. 2016-07-04 5.0 CVE-2016-4956
CERT-VN
CONFIRM
CONFIRM
CONFIRM
ntp — ntp ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. 2016-07-04 5.0 CVE-2016-4957
CERT-VN
CONFIRM
CONFIRM
CONFIRM
ntt_east — pr-400mi_firmware NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. 2016-07-03 6.5 CVE-2016-1227
CONFIRM
CONFIRM
JVNDB
JVN
ntt_west — pr-400mi Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allows remote attackers to hijack the authentication of arbitrary users. 2016-07-03 6.8 CVE-2016-1228
CONFIRM
CONFIRM
JVNDB
JVN
phpmyadmin — phpmyadmin phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. 2016-07-04 5.0 CVE-2016-5097
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpmyadmin — phpmyadmin Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. 2016-07-04 5.0 CVE-2016-5098
CONFIRM
CONFIRM
phpmyadmin — phpmyadmin Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding. 2016-07-04 4.3 CVE-2016-5099
CONFIRM
CONFIRM
phpmyadmin — phpmyadmin setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. 2016-07-02 4.3 CVE-2016-5701
CONFIRM
CONFIRM
phpmyadmin — phpmyadmin phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. 2016-07-02 4.3 CVE-2016-5702
CONFIRM
CONFIRM
phpmyadmin — phpmyadmin Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. 2016-07-02 4.3 CVE-2016-5704
CONFIRM
CONFIRM
phpmyadmin — phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an “invalid JSON” error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation. 2016-07-02 4.3 CVE-2016-5705
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpmyadmin — phpmyadmin js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. 2016-07-02 5.0 CVE-2016-5706
CONFIRM
CONFIRM
phpmyadmin — phpmyadmin phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message. 2016-07-02 5.0 CVE-2016-5730
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpmyadmin — phpmyadmin Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. 2016-07-02 4.3 CVE-2016-5731
CONFIRM
CONFIRM
CONFIRM
phpmyadmin — phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters. 2016-07-02 4.3 CVE-2016-5732
CONFIRM
CONFIRM
CONFIRM
phpmyadmin — phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml. 2016-07-02 4.3 CVE-2016-5733
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpmyadmin — phpmyadmin The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. 2016-07-02 5.0 CVE-2016-5739
CONFIRM
CONFIRM
CONFIRM
qnap — qts Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-07-03 4.3 CVE-2015-5664
CONFIRM
JVNDB
JVN
rexroth — bladecontrol-webvis SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2016-07-06 5.5 CVE-2016-4507
MISC
rexroth — bladecontrol-webvis Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-07-06 4.3 CVE-2016-4508
MISC
samba — samba libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag. 2016-07-07 6.8 CVE-2016-2119
CONFIRM
vmware — vcenter_server Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2016-07-02 4.3 CVE-2015-6931
CONFIRM
vmware — nsx_edge VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors. 2016-07-02 4.3 CVE-2016-2079
CONFIRM
vmware — vrealize_log_insight Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-07-02 4.3 CVE-2016-2081
CONFIRM
vmware — vrealize_log_insight Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2016-07-02 6.8 CVE-2016-2082
CONFIRM

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
emc — rsa_archer_egrc EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files. 2016-07-04 3.5 CVE-2016-0899
BUGTRAQ
flexerasoftware — installanywhere Untrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file. 2016-07-02 3.7 CVE-2016-4560
CONFIRM
ibm — cognos_business_intelligence Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-07-03 3.5 CVE-2016-0221
CONFIRM
ibm — control_center IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors. 2016-07-07 1.9 CVE-2016-0252
CONFIRM
ibm — i_access IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors. 2016-07-07 2.1 CVE-2016-0287
AIXAPAR
CONFIRM
ibm — jazz_reporting_service Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0350. 2016-07-07 3.5 CVE-2016-0313
CONFIRM
ibm — cognos_business_intelligence Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-07-03 3.5 CVE-2016-0346
CONFIRM
ibm — jazz_reporting_service Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0313. 2016-07-07 3.5 CVE-2016-0350
CONFIRM
ibm — tririga_application_platform Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-07-02 3.5 CVE-2016-0387
CONFIRM
ibm — maximo_asset_management Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-07-02 3.5 CVE-2016-0399
CONFIRM
ibm — tririga_application_platform Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-07-02 3.5 CVE-2016-2883
CONFIRM
ibm — tivoli_storage_manager IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions. 2016-07-03 2.1 CVE-2016-2894
CONFIRM
AIXAPAR
linux — linux_kernel Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a “double fetch” vulnerability. 2016-07-03 1.9 CVE-2016-6130
CONFIRM
CONFIRM
BUGTRAQ
CONFIRM
ntp — ntp ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. 2016-07-04 2.6 CVE-2016-4955
CERT-VN
CONFIRM
CONFIRM
CONFIRM
siemens — sicam_pas Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. 2016-07-04 1.7 CVE-2016-5848
CONFIRM
siemens — sicam_pas Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage. 2016-07-04 1.9 CVE-2016-5849
CONFIRM

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

Leave a Reply