Monday, June 27, 2016

SB16-179: Vulnerability Summary for the Week of June 20, 2016

Original release date: June 27, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- mac_os_x The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846. 2016-06-19 9.3 CVE-2016-1861
CONFIRM
APPLE
cisco -- rv110w_wireless-n_vpn_firewall_firmware The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428. 2016-06-18 10.0 CVE-2016-1395
CISCO
dx_library_project -- dx_library The printfDx function in Takumi Yamada DX Library for Borland C++ 3.13f through 3.16b, DX Library for Gnu C++ 3.13f through 3.16b, and DX Library for Visual C++ 3.13f through 3.16b allows remote attackers to execute arbitrary code via a crafted string. 2016-06-18 7.5 CVE-2016-4819
JVNDB
JVN
CONFIRM
emc -- data_domain EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges. 2016-06-19 7.2 CVE-2016-0911
BUGTRAQ
emc -- data_domain EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation. 2016-06-19 9.0 CVE-2016-0912
BUGTRAQ
fonality -- fonality Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection. 2016-06-19 10.0 CVE-2016-2362
CERT-VN
fonality -- fonality Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account. 2016-06-19 7.2 CVE-2016-2363
CERT-VN
netcommons -- netcommons NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account. 2016-06-18 9.0 CVE-2016-4813
CONFIRM
JVNDB
JVN
openssl -- openssl OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. 2016-06-19 7.5 CVE-2016-2177
CONFIRM
CONFIRM
solarwinds -- virtualization_manager The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. 2016-06-17 10.0 CVE-2016-3642
FULLDISC
FULLDISC
MISC
solarwinds -- virtualization_manager SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd." 2016-06-17 7.2 CVE-2016-3643
FULLDISC
MISC

Medium Vulnerabilities

Columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- mac_os_x Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862. 2016-06-19 4.3 CVE-2016-1860
CONFIRM
APPLE
apple -- mac_os_x Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860. 2016-06-19 4.3 CVE-2016-1862
CONFIRM
APPLE
apple -- safari The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL. 2016-06-19 5.0 CVE-2016-1864
CONFIRM
CONFIRM
APPLE
APPLE
buffalo -- wzr-600dhp2_firmware Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. 2016-06-18 5.0 CVE-2016-4815
CONFIRM
JVNDB
JVN
buffalo -- wzr-600dhp2_firmware BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. 2016-06-18 4.3 CVE-2016-4816
CONFIRM
JVNDB
JVN
cisco -- ios Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476. 2016-06-22 5.0 CVE-2015-6289
CISCO
cisco -- rv110w_wireless-n_vpn_firewall_firmware Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583. 2016-06-18 4.3 CVE-2016-1396
CISCO
cisco -- rv110w_wireless-n_vpn_firewall_firmware Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523. 2016-06-18 6.8 CVE-2016-1397
CISCO
cisco -- ios Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. 2016-06-18 6.1 CVE-2016-1424
CISCO
cisco -- prime_network_registrar The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694. 2016-06-17 5.0 CVE-2016-1427
CISCO
cisco -- ios_xe Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174. 2016-06-22 6.8 CVE-2016-1428
CISCO
cisco -- firepower_management_center Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516. 2016-06-17 4.3 CVE-2016-1431
CISCO
cisco -- ios_xe Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862. 2016-06-17 6.8 CVE-2016-1432
CISCO
cisco -- ip_phone_8800_series_firmware The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. 2016-06-22 4.0 CVE-2016-1434
CISCO
cisco -- ip_phone_8800_series_firmware Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. 2016-06-22 6.2 CVE-2016-1435
CISCO
cisco -- asr_5000_software The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198. 2016-06-22 5.0 CVE-2016-1436
CISCO
cisco -- prime_collaboration_deployment SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549. 2016-06-22 4.0 CVE-2016-1437
CISCO
cisco -- asyncos Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210. 2016-06-22 5.0 CVE-2016-1438
CISCO
cisco -- unified_contact_center_enterprise Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650. 2016-06-22 4.3 CVE-2016-1439
CISCO
citrix -- ios_receiver Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. 2016-06-17 5.8 CVE-2016-5433
CONFIRM
cybozu -- garoon Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196. 2016-06-19 4.3 CVE-2015-7776
CONFIRM
CONFIRM
CONFIRM
CONFIRM
JVNDB
JVN
cybozu -- garoon Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. 2016-06-19 5.0 CVE-2016-1191
CONFIRM
JVNDB
JVN
cybozu -- garoon Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. 2016-06-19 4.0 CVE-2016-1192
CONFIRM
JVNDB
JVN
cybozu -- garoon Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. 2016-06-19 5.8 CVE-2016-1195
CONFIRM
JVNDB
JVN
cybozu -- garoon Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. 2016-06-19 4.0 CVE-2016-1196
CONFIRM
JVNDB
JVN
cybozu -- garoon Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775. 2016-06-19 4.3 CVE-2016-1197
CONFIRM
JVNDB
JVN
emc -- documentum_administrator EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface. 2016-06-22 6.5 CVE-2016-0914
BUGTRAQ
fonality -- fonality The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. 2016-06-19 5.0 CVE-2016-2364
CERT-VN
gsi -- old_gsi_maps Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors. 2016-06-18 5.0 CVE-2016-4814
CONFIRM
JVNDB
JVN
h2o_project -- h2o lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet. 2016-06-18 5.0 CVE-2016-4817
CONFIRM
CONFIRM
JVNDB
JVN
hp -- service_manager HP Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components. 2016-06-18 6.0 CVE-2016-4371
CONFIRM
ibm -- elastic_storage_server IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program. 2016-06-19 4.6 CVE-2016-0392
AIXAPAR
CONFIRM
iodata -- etx-r_firmware Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. 2016-06-18 6.8 CVE-2016-4820
CONFIRM
JVNDB
JVN
iodata -- etx-r_firmware I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. 2016-06-18 5.0 CVE-2016-4821
CONFIRM
JVNDB
JVN
moxa -- pt-7728_firmware Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy. 2016-06-19 4.6 CVE-2016-4514
MISC
netgear -- d3600_firmware NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. 2016-06-19 4.3 CVE-2015-8288
CERT-VN
CONFIRM
netgear -- d3600_firmware The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code. 2016-06-19 4.3 CVE-2015-8289
CERT-VN
CONFIRM
ntt-bp -- japan_connected-free_wi-fi The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and 1.13.0 and earlier for iOS allows man-in-the-middle attackers to obtain API access via unspecified vectors. 2016-06-19 5.1 CVE-2016-4811
CONFIRM
CONFIRM
JVNDB
JVN
CONFIRM
nttdata -- terasoluna_server_framework_for_java_web NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname. 2016-06-18 4.3 CVE-2016-1183
CONFIRM
JVNDB
JVN
openstack -- neutron The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. 2016-06-17 6.4 CVE-2015-8914
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
openstack -- neutron The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. 2016-06-17 6.4 CVE-2016-5362
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
openstack -- neutron The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic. 2016-06-17 6.4 CVE-2016-5363
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
osisoft -- pi_af_server_2016 OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. 2016-06-19 4.0 CVE-2016-4518
MISC
CONFIRM
oslsoft -- pi_sql_data_access_server_2016 OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message. 2016-06-19 4.0 CVE-2016-4530
MISC
CONFIRM
trend_micro -- business_security Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. 2016-06-18 5.0 CVE-2016-1223
JVNDB
JVN
CONFIRM
trend_micro -- business_security CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. 2016-06-18 4.3 CVE-2016-1224
JVNDB
JVN
CONFIRM
trendmicro -- internet_security Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. 2016-06-19 5.0 CVE-2016-1225
CONFIRM
JVNDB
JVN
trendmicro -- internet_security Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-06-19 4.3 CVE-2016-1226
CONFIRM
JVNDB
JVN

Low Vulnerabilities

Columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
cybozu -- garoon Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197. 2016-06-19 3.5 CVE-2015-7775
CONFIRM
JVNDB
JVN
ibm -- websphere_mq IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program. 2016-06-19 2.1 CVE-2015-7462
CONFIRM
openssl -- openssl The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. 2016-06-19 2.1 CVE-2016-2178
CONFIRM
CONFIRM
MLIST
MLIST
MISC

Severity Not Yet Assigned

Columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
advantech -- webaccess Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. 2016-06-24 not yet calculated CVE-2016-4528
MISC
advantech -- webaccess Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. 2016-06-24 not yet calculated CVE-2016-4525
MISC
alertus -- desktop_notification Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations. 2016-06-25 not yet calculated CVE-2016-5087
CONFIRM
CERT-VN
apple -- mdnsresponder Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function. 2016-06-25 not yet calculated CVE-2015-7987
CERT-VN
CONFIRM
apple -- mdnsresponder The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. 2016-06-25   CVE-2015-7988
CERT-VN
CONFIRM
corega -- cg_wlbaragm Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors. 2016-06-25 not yet calculated CVE-2016-4823
JVNDB
JVN
CONFIRM
corega -- cg_wlbargl Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors. 2016-06-25 not yet calculated CVE-2016-4822
JVNDB
JVN
CONFIRM
corega -- wifi The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack. 2016-06-25 not yet calculated CVE-2016-4824
JVNDB
JVN
CONFIRM
curl -- libcurl Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. 2016-06-24 not yet calculated CVE-2016-4802
CONFIRM
SECTRACK
cybozu -- garoon Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. 2016-06-25 not yet calculated CVE-2016-1190
CONFIRM
CONFIRM
JVNDB
JVN
cybozu -- garoon Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. 2016-06-25 not yet calculated CVE-2016-1193
CONFIRM
JVNDB
JVN
cybozu -- garoon Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. 2016-06-25 not yet calculated CVE-2016-1189
CONFIRM
CONFIRM
JVNDB
JVN
cybozu -- garoon Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. 2016-06-25 not yet calculated CVE-2016-1188
CONFIRM
CONFIRM
JVNDB
JVN
f5 -- icontrol_rest The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors. 2016-06-24 not yet calculated CVE-2016-5021
CONFIRM
huawei -- fusioninsight Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors. 2016-06-24 not yet calculated CVE-2016-5723
CONFIRM
huawei -- ips_module Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet. 2016-06-24 not yet calculated CVE-2016-5435
CONFIRM
ibm -- websphere_portal Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2016-06-25 not yet calculated CVE-2016-2901
CONFIRM
AIXAPAR
oceanstor -- oceanstor OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network. 2016-06-24 not yet calculated CVE-2016-5722
CONFIRM
schneider -- powerlogic Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-06-25 not yet calculated CVE-2016-4513
MISC
solarwinds -- virtualization_manager SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. 2016-06-24 not yet calculated CVE-2016-5709
FULLDISC
unitronics -- visilogic Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file. 2016-06-24 not yet calculated CVE-2016-4519
MISC
MISC
wordpress -- e-commerce_plugin Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826. 2016-06-25 not yet calculated CVE-2016-4827
CONFIRM
JVNDB
JVN
wordpress -- e-commerce_plugin Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827. 2016-06-25 not yet calculated CVE-2016-4826
CONFIRM
JVNDB
JVN
wordpress -- e_commerce_plugin The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. 2016-06-25 not yet calculated CVE-2016-4825
CONFIRM
JVNDB
JVN
wordpress -- e-commerce_plugin The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. 2016-06-25 not yet calculated CVE-2016-4828
CONFIRM
JVNDB
JVN
This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/28ZDItY
