Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Mozilla Releases Security Updates

November 15, 2016 007admin Leave a comment

Original release date: November 15, 2016

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Available updates include:

Firefox 50
Firefox ESR 45.5

Users and administrators are encouraged to review the Mozilla Security Advisory for Firefox and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Symantec Releases Security Updates

November 15, 2016 007admin Leave a comment

Original release date: November 15, 2016

Symantec has released security updates to address a vulnerability in multiple products. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review Symantec Security Advisory SYM16-020 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Strategic Principles for Securing the IoT

November 15, 2016 007admin Leave a comment

Original release date: November 15, 2016

DHS has released a set of Strategic Principles for Securing the Internet of Things (IoT) to help inform consumers, operators and manufacturers in their decision-making regarding networked and networkable devices. While the IoT can provide efficiency, convenience, and interactivity features that are attractive, the IoT can also be vulnerable to manipulation by malicious actors, as observed in recent distributed denial-of-service (DDoS) attacks. US-CERT recommends reviewing the Strategic Principles for Securing the Internet of Things to learn more.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

VMWare Releases Security Updates

November 14, 2016 007admin Leave a comment

Original release date: November 14, 2016

VMWare has released security updates to address a vulnerability in VMware Workstation and Fusion. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review VMware Security Advisory VMSA-2016-0019 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

SB16-319: Vulnerability Summary for the Week of November 7, 2016

November 14, 2016 007admin Leave a comment

Original release date: November 14, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
adobe — flash_player	Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.	2016-11-08	10.0	CVE-2016-7857 CONFIRM
adobe — flash_player	Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.	2016-11-08	10.0	CVE-2016-7858 CONFIRM
adobe — flash_player	Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.	2016-11-08	10.0	CVE-2016-7859 CONFIRM
adobe — flash_player	Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.	2016-11-08	10.0	CVE-2016-7860 CONFIRM
adobe — flash_player	Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.	2016-11-08	10.0	CVE-2016-7861 CONFIRM
adobe — flash_player	Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.	2016-11-08	10.0	CVE-2016-7862 CONFIRM
adobe — flash_player	Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.	2016-11-08	10.0	CVE-2016-7863 CONFIRM
adobe — flash_player	Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.	2016-11-08	10.0	CVE-2016-7864 CONFIRM
adobe — flash_player	Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.	2016-11-08	10.0	CVE-2016-7865 CONFIRM
joomla — joomla!	The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.	2016-11-04	7.5	CVE-2016-8869 MISC BID SECTRACK MISC CONFIRM CONFIRM MISC EXPLOIT-DB
microsoft — windows_10	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka “Windows Common Log File System Driver Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.	2016-11-10	9.3	CVE-2016-0026 MS
microsoft — windows_10	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka “Windows Common Log File System Driver Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0026, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.	2016-11-10	9.3	CVE-2016-3332 MS
microsoft — windows_10	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka “Windows Common Log File System Driver Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.	2016-11-10	9.3	CVE-2016-3333 MS
microsoft — windows_10	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka “Windows Common Log File System Driver Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.	2016-11-10	9.3	CVE-2016-3334 MS
microsoft — windows_10	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka “Windows Common Log File System Driver Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.	2016-11-10	9.3	CVE-2016-3335 MS
microsoft — windows_10	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka “Windows Common Log File System Driver Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.	2016-11-10	9.3	CVE-2016-3338 MS
microsoft — windows_10	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka “Windows Common Log File System Driver Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.	2016-11-10	9.3	CVE-2016-3340 MS
microsoft — windows_10	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka “Windows Common Log File System Driver Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3343, and CVE-2016-7184.	2016-11-10	9.3	CVE-2016-3342 MS
microsoft — windows_10	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka “Windows Common Log File System Driver Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-7184.	2016-11-10	9.3	CVE-2016-3343 MS
microsoft — windows_10	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka “Windows Common Log File System Driver Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343.	2016-11-10	9.3	CVE-2016-7184 MS
microsoft — edge	Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7198.	2016-11-10	7.6	CVE-2016-7195 MS MS
microsoft — edge	Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability.”	2016-11-10	7.6	CVE-2016-7196 MS MS
microsoft — edge	Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7195.	2016-11-10	7.6	CVE-2016-7198 MS MS
microsoft — edge	The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.	2016-11-10	7.6	CVE-2016-7200 MS
microsoft — edge	The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.	2016-11-10	7.6	CVE-2016-7201 MS
microsoft — edge	The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.	2016-11-10	7.6	CVE-2016-7202 MS
microsoft — edge	The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.	2016-11-10	7.6	CVE-2016-7203 MS
microsoft — edge	The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.	2016-11-10	7.6	CVE-2016-7208 MS
microsoft — excel	Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”	2016-11-10	9.3	CVE-2016-7213 MS
microsoft — windows_10	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.”	2016-11-10	7.2	CVE-2016-7215 MS
microsoft — windows_10	Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka “Windows IME Elevation of Privilege Vulnerability.”	2016-11-10	7.2	CVE-2016-7221 MS
microsoft — windows_10	Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka “Task Scheduler Elevation of Privilege Vulnerability.”	2016-11-10	7.2	CVE-2016-7222 MS
microsoft — excel	Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”	2016-11-10	9.3	CVE-2016-7228 MS
microsoft — excel	Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”	2016-11-10	9.3	CVE-2016-7229 MS
microsoft — office_web_apps	Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”	2016-11-10	9.3	CVE-2016-7230 MS
microsoft — excel	Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”	2016-11-10	9.3	CVE-2016-7231 MS
microsoft — office	Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”	2016-11-10	9.3	CVE-2016-7232 MS
microsoft — excel_for_mac	Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”	2016-11-10	9.3	CVE-2016-7234 MS
microsoft — excel_for_mac	Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”	2016-11-10	9.3	CVE-2016-7235 MS
microsoft — excel	Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”	2016-11-10	9.3	CVE-2016-7236 MS
microsoft — windows_10	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandle caching for NTLM password-change requests, which allows local users to gain privileges via a crafted application, aka “Windows NTLM Elevation of Privilege Vulnerability.”	2016-11-10	7.2	CVE-2016-7238 MS
microsoft — edge	The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243.	2016-11-10	7.6	CVE-2016-7240 MS
microsoft — edge	Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability.”	2016-11-10	7.6	CVE-2016-7241 MS MS
microsoft — edge	The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7243.	2016-11-10	7.6	CVE-2016-7242 MS
microsoft — edge	The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7242.	2016-11-10	7.6	CVE-2016-7243 MS
microsoft — office	Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”	2016-11-10	9.3	CVE-2016-7245 MS
microsoft — windows_10	The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.”	2016-11-10	7.2	CVE-2016-7246 MS
microsoft — windows_10	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.”	2016-11-10	7.2	CVE-2016-7255 MS
nvidia — geforce_experience	For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path.	2016-11-08	7.2	CVE-2016-3161 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a blue screen crash.	2016-11-08	7.8	CVE-2016-4959 CONFIRM
nvidia — geforce_experience	For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path.	2016-11-08	7.2	CVE-2016-5852 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a user input to index an array is not bounds checked, leading to denial of service or potential escalation of privileges.	2016-11-08	7.2	CVE-2016-7381 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.	2016-11-08	7.2	CVE-2016-7382 CONFIRM CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where unchecked input/output lengths in UVMLiteController Device IO Control handling may lead to denial of service or potential escalation of privileges.	2016-11-08	7.2	CVE-2016-7384 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x700010d where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.	2016-11-08	7.2	CVE-2016-7385 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.	2016-11-08	7.2	CVE-2016-7387 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.	2016-11-08	7.2	CVE-2016-7388 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R361_93 before 361.93.03, and R370 before 370.28 contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.	2016-11-08	7.2	CVE-2016-7389 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000194 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.	2016-11-08	7.2	CVE-2016-7390 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100010b where a missing array bounds check can allow a user to write to kernel memory, leading to denial of service or potential escalation of privileges.	2016-11-08	7.2	CVE-2016-7391 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000014 where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.	2016-11-08	7.2	CVE-2016-8805 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x5000027 where a pointer passed from an user to the driver is used without validation, leading to denial of service or potential escalation of privileges.	2016-11-08	7.2	CVE-2016-8806 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x10000e9 where a value is passed from an user to the driver is used without validation as the size input to memcpy() causing a stack buffer overflow, leading to denial of service or potential escalation of privileges.	2016-11-08	7.2	CVE-2016-8807 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000d5 where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.	2016-11-08	7.2	CVE-2016-8808 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70001b2 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.	2016-11-08	7.2	CVE-2016-8809 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100009a where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.	2016-11-08	7.2	CVE-2016-8810 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000170 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.	2016-11-08	7.2	CVE-2016-8811 CONFIRM
nvidia — geforce_experience	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges.	2016-11-08	7.2	CVE-2016-8812 CONFIRM

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
adobe — connect	Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.	2016-11-08	4.3	CVE-2016-7851 CONFIRM
citrix — receiver_desktop	Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable.	2016-11-07	4.6	CVE-2016-9111 MISC MISC MISC MISC
exponentcms — exponent_cms	Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.	2016-11-07	6.5	CVE-2016-9242 CONFIRM
joomla — joomla!	The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.	2016-11-04	6.8	CVE-2016-8870 MISC BID SECTRACK MISC CONFIRM CONFIRM MISC EXPLOIT-DB
nvidia — geforce_experience	For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.	2016-11-08	6.9	CVE-2016-4960 CONFIRM
nvidia — geforce_experience	For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.	2016-11-08	4.9	CVE-2016-4961 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.	2016-11-08	6.1	CVE-2016-5025 CONFIRM
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in a memory mapping API in the kernel mode layer (nvlddmkm.sys) handler, leading to denial of service or potential escalation of privileges.	2016-11-08	6.1	CVE-2016-7383 CONFIRM

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
microsoft — edge	Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka “Microsoft Browser Information Disclosure Vulnerability.”	2016-11-10	2.6	CVE-2016-7199 MS MS
microsoft — edge	Microsoft Edge allows remote attackers to access arbitrary “My Documents” files via a crafted web site, aka “Microsoft Edge Information Disclosure Vulnerability.”	2016-11-10	2.6	CVE-2016-7204 MS
microsoft — edge	Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka “Microsoft Edge Spoofing Vulnerability.”	2016-11-10	2.6	CVE-2016-7209 MS
microsoft — windows_10	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection mechanism via a crafted application, aka “Win32k Information Disclosure Vulnerability.”	2016-11-10	2.1	CVE-2016-7214 MS
microsoft — windows_7	The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka “Windows Kernel Elevation of Privilege Vulnerability.”	2016-11-10	2.1	CVE-2016-7216 MS
microsoft — windows_10	Virtual Secure Mode in Microsoft Windows 10 allows local users to obtain sensitive information via a crafted application, aka “Virtual Secure Mode Information Disclosure Vulnerability.”	2016-11-10	2.1	CVE-2016-7220 MS
microsoft — windows_10	Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka “VHD Driver Elevation of Privilege Vulnerability.”	2016-11-10	3.6	CVE-2016-7223 MS
microsoft — windows_10	Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka “VHD Driver Elevation of Privilege Vulnerability.”	2016-11-10	3.6	CVE-2016-7224 MS
microsoft — windows_10	Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka “VHD Driver Elevation of Privilege Vulnerability.”	2016-11-10	3.6	CVE-2016-7225 MS
microsoft — windows_10	Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka “VHD Driver Elevation of Privilege Vulnerability.”	2016-11-10	3.6	CVE-2016-7226 MS
microsoft — edge	The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka “Microsoft Browser Information Disclosure Vulnerability.”	2016-11-10	2.6	CVE-2016-7227 MS MS
microsoft — edge	The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka “Microsoft Browser Information Disclosure Vulnerability.”	2016-11-10	2.6	CVE-2016-7239 MS MS
nvidia — gpu_driver	For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space through an uninitialized buffer.	2016-11-08	2.1	CVE-2016-7386 CONFIRM
qemu — qemu	The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.	2016-11-04	1.9	CVE-2016-8576 CONFIRM MLIST MLIST BID MLIST
qemu — qemu	Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.	2016-11-04	1.9	CVE-2016-8577 CONFIRM MLIST MLIST BID
qemu — qemu	The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.	2016-11-04	1.9	CVE-2016-8578 MLIST MLIST BID MLIST
qemu — qemu	The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.	2016-11-04	1.9	CVE-2016-8667 MLIST MLIST BID MLIST
qemu — qemu	The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size.	2016-11-04	1.9	CVE-2016-8668 MLIST MLIST BID MLIST
qemu — qemu	The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.	2016-11-04	1.9	CVE-2016-8669 CONFIRM MLIST MLIST BID
qemu — qemu	The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.	2016-11-04	1.9	CVE-2016-8909 MLIST MLIST BID MLIST
qemu — qemu	The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.	2016-11-04	1.9	CVE-2016-8910 MLIST MLIST BID MLIST

Severity Not Yet Assigned

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
adobe — reader_and_acrobat	Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.	2016-11-10	not yet calculated	CVE-2016-4095 CONFIRM
artifex — mujs	Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct “denial of service (application crash)” attacks by using the “malformed labeled break/continue in JavaScript” approach, related to a “NULL pointer dereference” issue affecting the jscompile.c component.	2016-11-11	not yet calculated	CVE-2016-9294 CONFIRM CONFIRM
dotclear — dotclear	Unrestricted file upload vulnerability in the Blog appearance in the “Install or upgrade manually” module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors.	2016-11-10	not yet calculated	CVE-2016-9268 CONFIRM CONFIRM
exponent_cms — exponent_cms	A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.	2016-11-11	not yet calculated	CVE-2016-9272 CONFIRM CONFIRM CONFIRM
exponent_cms — exponent_cms	framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an “addresses, countries, and regions” issue.	2016-11-11	not yet calculated	CVE-2016-9285 CONFIRM
exponent_cms — exponent_cms	framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI.	2016-11-11	not yet calculated	CVE-2016-9286 CONFIRM
exponent_cms — exponent_cms	getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.	2016-11-11	not yet calculated	CVE-2016-9284 CONFIRM
exponent_cms — exponent_cms	In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter “target” of function “DragnDropReRank” is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1.	2016-11-11	not yet calculated	CVE-2016-9288 CONFIRM
exponent_cms — exponent_cms	SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a “sef URL” issue.	2016-11-11	not yet calculated	CVE-2016-9283 CONFIRM
exponent_cms — exponent_cms	SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.	2016-11-11	not yet calculated	CVE-2016-9282 CONFIRM
git — git_1.x	Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected.	2016-11-11	not yet calculated	CVE-2016-9274 MISC MISC
linux — mm/gup.c	Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka “Dirty COW.”	2016-11-10	not yet calculated	CVE-2016-5195 CONFIRM CONFIRM MLIST CONFIRM CONFIRM CONFIRM CONFIRM MISC MISC MISC CONFIRM CONFIRM CONFIRM CERT-VN
microsoft — animation_manager	Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka “Windows Animation Manager Memory Corruption Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7205 MS
microsoft — office	Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka “Microsoft Office Denial of Service Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7244 MS
microsoft — office	Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka “Microsoft Office Information Disclosure Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7233 MS
microsoft — sql_server	Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka “MDS API XSS Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7251 MS
microsoft — sql_server	Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka “SQL RDBMS Engine Elevation of Privilege Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7254 MS
microsoft — sql_server	Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka “SQL RDBMS Engine Elevation of Privilege Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7250 MS
microsoft — sql_server	Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka “SQL RDBMS Engine Elevation of Privilege Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7249 MS
microsoft — sql_server	Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka “SQL Analysis Services Information Disclosure Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7252 MS
microsoft — sql_server	The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka “SQL Server Agent Elevation of Privilege Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7253 MS
microsoft — windows	atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted Open Type font on a web site, aka “Open Type Font Information Disclosure Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7210 MS
microsoft — windows	atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka “Open Type Font Remote Code Execution Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7256 MS
microsoft — windows	Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka “Windows Bowser.sys Information Disclosure Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7218 MS
microsoft — windows	Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka “Local Security Authority Subsystem Service Denial of Service Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7237 MS
microsoft — windows	Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka “Secure Boot Component Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7247 MS
microsoft — windows	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka “Windows Remote Code Execution Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7212 MS
microsoft — windows_media_foundation	Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka “Media Foundation Memory Corruption Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7217 MS
microsoft — windows_video_control	Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted file, aka “Microsoft Video Control Remote Code Execution Vulnerability.”	2016-11-10	not yet calculated	CVE-2016-7248 MS
moinmoin — moinmoin	MoinMoin 1.9.8 allows remote attackers to conduct “JavaScript injection” attacks by using the “page creation or crafted URL” approach, related to a “Cross Site Scripting (XSS)” issue affecting the action=fckdialog&dialog=attachment (via page name) component.	2016-11-10	not yet calculated	CVE-2016-7146 MISC
moinmoin — moinmoin	MoinMoin 1.9.8 allows remote attackers to conduct “JavaScript injection” attacks by using the “page creation” approach, related to a “Cross Site Scripting (XSS)” issue affecting the action=AttachFile (via page name) component.	2016-11-10	not yet calculated	CVE-2016-7148 MISC
p7zip — p7zip	A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.	2016-11-11	not yet calculated	CVE-2016-9296 MISC MISC MISC
samsung — note_devices	Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906.	2016-11-11	not yet calculated	CVE-2016-9277 CONFIRM
teradata — studio_express	The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges.	2016-11-10	not yet calculated	CVE-2016-7490 MISC
teradata — virtual_machine_community_edition	Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root.	2016-11-10	not yet calculated	CVE-2016-7488 MISC
teradata — virtual_machine_community_edition	Teradata Virtual Machine Community Edition v15.10’s perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution.	2016-11-10	not yet calculated	CVE-2016-7489 MISC

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

OpenSSL Releases Security Update

November 10, 2016 007admin Leave a comment

Original release date: November 10, 2016

OpenSSL version 1.1.0c has been released to address vulnerabilities in prior versions. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Google Releases Security Updates for Chrome

November 10, 2016 007admin Leave a comment

Original release date: November 10, 2016

Google has released Chrome version 54.0.2840.99 for Windows and version 54.0.2840.98 for Linux. These new versions address multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Microsoft Releases Security Updates

November 8, 2016 007admin Leave a comment

Original release date: November 08, 2016

Microsoft has released 14 updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Users and administrators are encouraged to review Microsoft Security Bulletins MS16-129 through MS16-142 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Adobe Releases Security Updates

November 8, 2016 007admin Leave a comment

Original release date: November 08, 2016

Adobe has released security updates to address vulnerabilities in Flash Player and Connect. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB16-37 and APSB16-35 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

SB16-312: Vulnerability Summary for the Week of October 31, 2016

November 7, 2016 007admin Leave a comment

Original release date: November 07, 2016

High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
adobe — flash_player	Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.	2016-11-01	10.0	CVE-2016-7855 MS CONFIRM MISC
alienvault — open_source_security_information _and_event_management	PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.	2016-10-28	7.5	CVE-2016-8580 CONFIRM
alienvault — open_source_security_information _and_event_management	A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL’s LOAD_FILE.	2016-10-28	7.5	CVE-2016-8582 CONFIRM
artifex — mujs	A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition.	2016-10-28	7.5	CVE-2016-7504 CONFIRM
artifex — mujs	A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc. MuJS before 8c805b4eb19cf2af689c860b77e6111d2ee439d5. A successful exploitation of this issue can lead to code execution or denial of service condition.	2016-10-28	7.5	CVE-2016-7505 CONFIRM
brocade — netiron_os	A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets.	2016-10-31	7.8	CVE-2016-8203 CONFIRM
cisco — ios_xe	A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. This vulnerability affects Cisco ASR 900 Series Aggregation Services Routers (ASR902, ASR903, and ASR907) that are running the following releases of Cisco IOS XE Software: 3.17.0S 3.17.1S 3.17.2S 3.18.0S 3.18.1S. More Information: CSCuy15175. Known Affected Releases: 15.6(1)S 15.6(2)S. Known Fixed Releases: 15.6(1)S2.12 15.6(1.17)S0.41 15.6(1.17)SP 15.6(2)SP 16.4(0.183) 16.5(0.10).	2016-11-03	10.0	CVE-2016-6441 CONFIRM
cisco — meeting_app	A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0.	2016-11-03	7.5	CVE-2016-6447 CONFIRM
cisco — meeting_server	A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to Release 2.0.3, Acano Server releases 1.9.x prior to Release 1.9.5, Acano Server releases 1.8.x prior to Release 1.8.17. More Information: CSCva76004. Known Affected Releases: 1.8.x 1.92.0.	2016-11-03	7.5	CVE-2016-6448 CONFIRM
cisco — prime_home	A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are not vulnerable. More Information: CSCvb71732. Known Affected Releases: 5.0 5.0(1) 5.0(1.1) 5.0(1.2) 5.0(2) 5.15.1(0) 5.1(1) 5.1(1.3) 5.1(1.4) 5.1(1.5) 5.1(1.6) 5.1(2) 5.1(2.1) 5.1(2.3) 5.25.2(0.1) 5.2(1.0) 5.2(1.2) 5.2(2.0) 5.2(2.1) 5.2(2.2).	2016-11-03	10.0	CVE-2016-6452 CONFIRM
exponentcms — exponent_cms	Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution.	2016-11-03	7.5	CVE-2016-7095 CONFIRM
exponentcms — exponent_cms	The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.	2016-11-03	7.5	CVE-2016-7453 CONFIRM
google — android	On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542.	2016-10-31	7.8	CVE-2016-7988 CONFIRM
google — android	On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung’s implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542.	2016-10-31	7.8	CVE-2016-7989 CONFIRM
google — android	On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542.	2016-10-31	10.0	CVE-2016-7990 CONFIRM
google — android	On Samsung Galaxy S4 through S7 devices, the “omacp” app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.	2016-10-31	7.8	CVE-2016-7991 CONFIRM
hp — system_management_homepage	HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a “Buffer Overflow” issue.	2016-10-28	7.8	CVE-2016-4395 miscellaneous CONFIRM miscellaneous
hp — system_management_homepage	HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a “Buffer Overflow” issue.	2016-10-28	7.8	CVE-2016-4396 miscellaneous CONFIRM miscellaneous
libcsp_project — libcsp	Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet.	2016-10-28	7.5	CVE-2016-8596 MISC
libcsp_project — libcsp	Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets.	2016-10-28	7.5	CVE-2016-8597 MISC
libcsp_project — libcsp	Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet.	2016-10-28	7.5	CVE-2016-8598 MISC
microfocus — rumba	Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code.	2016-11-03	7.5	CVE-2016-9176 MISC
pivotal_software — redis	A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.	2016-10-28	7.5	CVE-2016-8339 MISC MISC
samsung — samsung_mobile	A vulnerability on Samsung Mobile L(5.0/5.1) and M(6.0) devices with the Exynos7420 chipset exists because of a NULL pointer dereference in the fimg2d driver. The patch (aka “SVE-2016-6248: SystemUI Security issue”) verifies if the object is null before dereferencing it.	2016-11-03	7.8	CVE-2016-7160 CONFIRM
square — git-fastclone	git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone, they could exploit this. The ext command will be run if the repository is recursively cloned or if submodules are updated. This attack works when cloning both local and remote repositories.	2016-11-03	9.3	CVE-2015-8968 MISC MISC
square — git-fastclone	git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to “cd ” and “git clone ” commands in the library.	2016-11-03	10.0	CVE-2015-8969 MISC MISC
sybase — adaptive_server_enterprise	SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection.	2016-11-03	7.5	CVE-2016-7402 MISC

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
alienvault — open_source_security_information _and_event_management	A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.	2016-10-28	4.3	CVE-2016-8581 CONFIRM
alienvault — open_source_security_information _and_event_management	Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS.	2016-10-28	4.3	CVE-2016-8583 CONFIRM
artifex — mujs	An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue can lead to code execution or denial of service condition.	2016-10-28	5.0	CVE-2016-7506 CONFIRM
artifex — mujs	Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the “opname in crafted JavaScript file” approach, related to an “Out-of-Bounds read” issue affecting the jsC_dumpfunction function in the jsdump.c component.	2016-10-28	5.0	CVE-2016-9017 CONFIRM
artifex — mujs	Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the “crafted JavaScript” approach, related to a “Buffer Over-read” issue.	2016-11-03	5.0	CVE-2016-9136 CONFIRM
cisco — ip_interoperability_and _collaboration_system	A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. More Information: CSCva47092. Known Affected Releases: 4.10(1).	2016-11-03	4.3	CVE-2016-6429 CONFIRM
cisco — ip_interoperability_and _collaboration_system	A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1).	2016-11-03	6.6	CVE-2016-6430 CONFIRM
cisco — prime_collaboration_provisioning	Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCut43061 CSCut43066 CSCut43736 CSCut43738 CSCut43741 CSCut43745 CSCut43748 CSCut43751 CSCut43756 CSCut43759 CSCut43764 CSCut43766. Known Affected Releases: 10.6.	2016-11-03	4.3	CVE-2016-6451 CONFIRM
cisco — identity_services_engine	A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876).	2016-11-03	4.9	CVE-2016-6453 CONFIRM
cisco — hosted_collaboration _mediation_fulfillment	A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(0.98000.216).	2016-11-03	4.3	CVE-2016-6454 CONFIRM
cisco — asr_5000_software	A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. This vulnerability affects Cisco ASR 5500 devices with Data Processing Card 2 (DPC2) running StarOS 18.0 or later. More Information: CSCvb12081. Known Affected Releases: 18.7.4 19.5.0 20.0.2.64048 20.2.3 21.0.0. Known Fixed Releases: 18.7.4 18.7.4.65030 18.8.M0.65044 19.5.0 19.5.0.65092 19.5.M0.65023 19.5.M0.65050 20.2.3 20.2.3.64982 20.2.3.65017 20.2.a4.65307 20.3.M0.64984 20.3.M0.65029 20.3.M0.65037 20.3.M0.65071 20.3.T0.64985 20.3.T0.65031 20.3.T0.65043 20.3.T0.65067 21.0.0 21.0.0.65256 21.0.M0.64922 21.0.M0.64983 21.0.M0.65140 21.0.V0.65150 21.1.A0.64932 21.1.A0.64987 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.65203 21.2.A0.65147.	2016-11-03	5.0	CVE-2016-6455 CONFIRM
citrix — netscaler_application_delivery _controller_firmware	Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header.	2016-10-28	5.8	CVE-2016-9028 CONFIRM
docker — docker	Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.	2016-10-28	5.0	CVE-2016-8867 CONFIRM
dokuwiki — dokuwiki	The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.	2016-10-31	4.3	CVE-2016-7964 CONFIRM
dokuwiki — dokuwiki	DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL’s hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server).	2016-10-31	4.3	CVE-2016-7965 CONFIRM
dotcms — dotcms	In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later.	2016-10-28	5.0	CVE-2016-8600 MISC CONFIRM MISC
exponentcms — exponent_cms	The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.	2016-11-03	5.0	CVE-2016-7452 CONFIRM
exponentcms — exponent_cms	Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in “/expPaginator.php” affecting the order parameter. Impact is Information Disclosure.	2016-11-03	5.0	CVE-2016-9134 CONFIRM CONFIRM
exponentcms — exponent_cms	Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in “/framework/modules/help/controllers/helpController.php” affecting the version parameter. Impact is Information Disclosure.	2016-11-03	5.0	CVE-2016-9135 CONFIRM
exponentcms — exponent_cms	Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized method name to bypass the permission check, e.g., controller=expHTMLEditor&action=preview&editor=ckeditor and controller=expHTMLEditor&action=Preview&editor=ckeditor. An anonymous user will be rejected for the former but can access the latter.	2016-11-04	5.0	CVE-2016-9182 CONFIRM
exponentcms — exponent_cms	In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed easily: it only sanitizes user input if there are odd numbers of ‘ or ” characters. Impact is Information Disclosure.	2016-11-04	5.0	CVE-2016-9183 CONFIRM
exponentcms — exponent_cms	In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure.	2016-11-04	5.0	CVE-2016-9184 CONFIRM
foxitsoftware — reader	Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader’s core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both.	2016-10-31	4.6	CVE-2016-8856 CONFIRM
foxitsoftware — phantompdf	The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka “Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ConvertToPDF_x86!CreateFXPDFConvertor.”	2016-10-31	4.3	CVE-2016-8875 CONFIRM
foxitsoftware — phantompdf	Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka “Read Access Violation starting at FoxitReader.”	2016-10-31	6.8	CVE-2016-8876 CONFIRM
foxitsoftware — phantompdf	Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a “corrupted suffix pattern” issue.	2016-10-31	6.8	CVE-2016-8877 CONFIRM
foxitsoftware — phantompdf	Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka “Data from Faulting Address may be used as a return value starting at FOXITREADER.”	2016-10-31	6.8	CVE-2016-8878 CONFIRM
foxitsoftware — phantompdf	The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted JPEG2000 image embedded in a PDF document, aka an “Exploitable – Heap Corruption” issue.	2016-10-31	4.3	CVE-2016-8879 CONFIRM
gitlab — gitlab	GitLab versions 8.9.x and above contain a critical security flaw in the “import/export project” feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions prior to 8.13.0 restricted this feature to administrators only. Starting with version 8.13.0 this feature was made available to all users. This feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users. GitLab CE and EE versions 8.13.0 through 8.13.2, 8.12.0 through 8.12.7, 8.11.0 through 8.11.10, 8.10.0 through 8.10.12, and 8.9.0 through 8.9.11 are affected.	2016-11-03	4.0	CVE-2016-9086 CONFIRM
hp — system_management_homepage	HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an “HSTS” issue.	2016-10-28	5.8	CVE-2016-4394 Miscellaneous CONFIRM Miscellaneous
iceni — argus	An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus version 6.6.04 A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can provide a malicious pdf file to trigger this vulnerability.	2016-10-28	6.8	CVE-2016-8333 MISC
iceni — argus	An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version 6.6.04 (Sep 7 2012) NK – Linux x64 and Version 6.6.04 (Nov 14 2014) NK – Windows x64. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send/provide malicious pdf file to trigger this vulnerability.	2016-10-28	6.8	CVE-2016-8335 MISC
isc — bind	named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.	2016-11-02	5.0	CVE-2016-8864 CONFIRM
libtiff — libtiff	An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF’s tag extension functionality.	2016-10-28	6.8	CVE-2016-8331 MISC
moodle — moodle	Unrestricted file upload vulnerability in the “legacy course files” and “file manager” modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.	2016-11-04	6.5	CVE-2016-9186 MISC
moodle — moodle	Unrestricted file upload vulnerability in the double extension support in the “image” module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.	2016-11-04	6.5	CVE-2016-9187 MISC
moodle — moodle	Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters.	2016-11-04	4.3	CVE-2016-9188 MISC
openjpeg — openjpeg	A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.	2016-10-28	6.8	CVE-2016-8332 MISC MISC
openjpeg — openjpeg	Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.	2016-10-29	5.0	CVE-2016-9112 MISC
openjpeg — openjpeg	There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.	2016-10-30	5.0	CVE-2016-9113 MISC
openjpeg — openjpeg	There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.	2016-10-30	5.0	CVE-2016-9114 MISC
openjpeg — openjpeg	Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.	2016-10-30	4.3	CVE-2016-9115 MISC
openjpeg — openjpeg	NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.	2016-10-30	4.3	CVE-2016-9116 MISC
openjpeg — openjpeg	NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.	2016-10-30	4.3	CVE-2016-9117 MISC
openjpeg — openjpeg	Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.	2016-10-30	5.0	CVE-2016-9118 MISC
openstack — heat	In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.	2016-11-04	4.0	CVE-2016-9185 CONFIRM
python — pillow	Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the “crafted image file” approach, related to an “Integer Overflow” issue affecting the Image.core.map_buffer in map.c component.	2016-11-04	4.3	CVE-2016-9189 CONFIRM CONFIRM CONFIRM
python — pillow	Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the “crafted image file” approach, related to an “Insecure Sign Extension” issue affecting the ImagingNew in Storage.c component.	2016-11-04	6.8	CVE-2016-9190 CONFIRM CONFIRM CONFIRM
realnetworks — realplayer	Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.	2016-10-28	4.3	CVE-2016-9018 MISC
sparkjava — spark	Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.	2016-11-04	5.0	CVE-2016-9177 MISC

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
avast — business_security	Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call.	2016-11-03	2.1	CVE-2016-4025 MISC
bitcoin_knots_project — bitcoin_knots	In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.	2016-10-28	2.1	CVE-2016-8889 CONFIRM CONFIRM
botan_project — botan	In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an “OAEP side channel” attack.	2016-10-28	2.1	CVE-2016-8871 CONFIRM
docker2aci_project — docker2aci	docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.	2016-10-28	2.1	CVE-2016-8579 CONFIRM
hp — system_management_homepage	HPE System Management Homepage before v7.6 allows “remote authenticated” attackers to obtain sensitive information via unspecified vectors, related to an “XSS” issue.	2016-10-28	3.5	CVE-2016-4393 Miscellaneous CONFIRM Miscellaneous
ibm — financial_transaction_manager	Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.	2016-10-28	3.5	CVE-2016-3060 AIXAPAR AIXAPAR AIXAPAR CONFIRM
ibm — financial_transaction_manager	Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	2016-10-28	3.5	CVE-2016-5920 AIXAPAR CONFIRM

Severity Not Yet Assigned

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
joomla — usersmodelregistration	The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.	2016-11-04	not yet calculated	CVE-2016-8869 MISC BID SECTRACK MISC CONFIRM CONFIRM MISC EXPLOIT-DB
joomla — usersmodelregistration	The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.	2016-11-04	not yet calculated	CVE-2016-8870 MISC BID SECTRACK MISC CONFIRM CONFIRM MISC EXPLOIT-DB
qemu — qemu	Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.	2016-11-04	not yet calculated	CVE-2016-8577 CONFIRM MLIST MLIST BID
qemu — qemu	The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.	2016-11-04	not yet calculated	CVE-2016-8909 MLIST MLIST BID MLIST
qemu — qemu	The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.	2016-11-04	not yet calculated	CVE-2016-8667 MLIST MLIST BID MLIST
qemu — qemu	The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size.	2016-11-04	not yet calculated	CVE-2016-8668 MLIST MLIST BID MLIST
qemu — qemu	The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.	2016-11-04	not yet calculated	CVE-2016-8910 MLIST MLIST BID MLIST
qemu — qemu	The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.	2016-11-04	not yet calculated	CVE-2016-8669 CONFIRM MLIST MLIST BID
qemu — qemu	The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.	2016-11-04	not yet calculated	CVE-2016-8578 MLIST MLIST BID MLIST
qemu — qemu	The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.	2016-11-04	not yet calculated	CVE-2016-8576 CONFIRM MLIST MLIST BID MLIST

This product is provided subject to this Notification and this Privacy & Use policy.

007 Software

Category Archives: US-CERT

Mozilla Releases Security Updates

Symantec Releases Security Updates

Strategic Principles for Securing the IoT

VMWare Releases Security Updates

SB16-319: Vulnerability Summary for the Week of November 7, 2016

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

OpenSSL Releases Security Update

Google Releases Security Updates for Chrome

Microsoft Releases Security Updates

Adobe Releases Security Updates

SB16-312: Vulnerability Summary for the Week of October 31, 2016

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

Software and Security Information