Monday, July 4, 2016

SB16-186: Vulnerability Summary for the Week of June 27, 2016

Original release date: July 04, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apple -- mdnsresponder The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. 2016-06-25 7.5 CVE-2015-7988
CERT-VN
CONFIRM
corega -- cg-wlbaragm_firmware Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors. 2016-06-25 7.8 CVE-2016-4823
JVNDB
JVN
CONFIRM
f5 -- big-ip_access_policy_manager F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script. 2016-06-30 9.0 CVE-2016-5020
CONFIRM
SECTRACK
huawei -- mate_8_firmware Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (system crash) via a crafted app. 2016-06-30 7.1 CVE-2016-5232
CONFIRM
huawei -- ar3200_firmware Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) packets. 2016-06-30 7.8 CVE-2016-5368
CONFIRM
huawei -- huawei_firmware Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet. 2016-06-24 7.1 CVE-2016-5435
CONFIRM
huawei -- ocean_stor_firmware OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network. 2016-06-24 7.5 CVE-2016-5722
CONFIRM
huawei -- fusioninsight_hd Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors. 2016-06-24 7.2 CVE-2016-5723
CONFIRM
ibm -- marketing_platform SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2016-06-27 7.5 CVE-2016-0224
CONFIRM
ibm -- general_parallel_file_system_storage_server IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command. 2016-06-28 7.2 CVE-2016-0263
CONFIRM
ibm -- messagesight JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1.2.0.3, and 2.0.x through 2.0.0.0 allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors. 2016-06-30 9.0 CVE-2016-0375
CONFIRM
lenovo -- solution_center Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly. 2016-06-30 7.2 CVE-2016-5249
MISC
CONFIRM
linux -- linux_kernel Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call. 2016-06-29 7.2 CVE-2012-6703
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- linux_kernel The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call. 2016-06-27 7.2 CVE-2014-9904
CONFIRM
CONFIRM
linux -- linux_kernel Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. 2016-06-27 7.2 CVE-2016-0758
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- linux_kernel The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. 2016-06-27 7.2 CVE-2016-1583
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
MLIST
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode. 2016-06-27 7.2 CVE-2016-4440
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- linux_kernel The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. 2016-06-27 7.2 CVE-2016-5828
MISC
MLIST
linux -- linux_kernel Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. 2016-06-27 7.2 CVE-2016-5829
CONFIRM
MLIST
CONFIRM
opera -- opera_mail Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message. 2016-06-29 9.3 CVE-2016-5101
CONFIRM
siemens -- simatic_s7-300_with_profitnet_support_firmware Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets. 2016-06-27 7.8 CVE-2016-3949
CONFIRM
symphony-cms -- symphony_cms Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter. 2016-06-30 7.6 CVE-2016-4309
EXPLOIT-DB
CONFIRM
BUGTRAQ
MISC
MISC
trend_micro -- deep_discovery_inspector hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via a crafted string. 2016-06-30 9.0 CVE-2016-5840
MISC
CONFIRM
unitronics -- visilogic_oplc_ide Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file. 2016-06-24 7.5 CVE-2016-4519
MISC
MISC
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
advantech -- webaccess Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. 2016-06-24 4.3 CVE-2016-4528
MISC
apple -- mdnsresponder Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function. 2016-06-25 6.8 CVE-2015-7987
CERT-VN
CONFIRM
arvidn -- libtorrent The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast. 2016-06-30 5.0 CVE-2016-5301
CONFIRM
CONFIRM
MLIST
MLIST
SUSE
bzip -- bzip2 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. 2016-06-30 4.3 CVE-2016-3189
CONFIRM
SECTRACK
MLIST
ca -- release_automation Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-06-28 4.3 CVE-2015-8699
CONFIRM
corega -- cg-wlbargnl_firmware Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors. 2016-06-25 5.2 CVE-2016-4822
JVNDB
JVN
CONFIRM
corega -- cg-wlr300gnv-w_firmware The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack. 2016-06-25 5.0 CVE-2016-4824
JVNDB
JVN
CONFIRM
cybozu -- garoon Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. 2016-06-25 4.0 CVE-2016-1188
CONFIRM
CONFIRM
JVNDB
JVN
cybozu -- garoon Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. 2016-06-25 5.5 CVE-2016-1189
CONFIRM
CONFIRM
JVNDB
JVN
cybozu -- garoon Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. 2016-06-25 4.0 CVE-2016-1190
CONFIRM
CONFIRM
JVNDB
JVN
cybozu -- garoon Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. 2016-06-25 5.0 CVE-2016-1193
CONFIRM
JVNDB
JVN
dotcms -- dotcms CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject. 2016-06-30 5.0 CVE-2016-4803
MISC
CONFIRM
FULLDISC
f5 -- big-ip_access_policy_manager The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors. 2016-06-24 4.0 CVE-2016-5021
CONFIRM
gnu_wget_project -- gnu_wget GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. 2016-06-30 4.3 CVE-2016-4971
CONFIRM
UBUNTU
MLIST
CONFIRM
haproxy -- haproxy HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors. 2016-06-30 5.0 CVE-2016-5360
UBUNTU
MLIST
MLIST
CONFIRM
haxx -- curl Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. 2016-06-24 6.9 CVE-2016-4802
CONFIRM
SECTRACK
huawei -- mate_8_firmware Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and control partial module functions via a crafted app. 2016-06-30 6.8 CVE-2016-5230
CONFIRM
huawei -- mate_8_firmware Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and delete user data via a crafted app. 2016-06-30 5.0 CVE-2016-5231
CONFIRM
ibm -- marketing_platform Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2016-06-27 4.3 CVE-2016-0229
CONFIRM
ibm -- marketing_platform SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2016-06-27 6.5 CVE-2016-0233
CONFIRM
ibm -- websphere_mq Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors. 2016-06-28 5.0 CVE-2016-0260
CONFIRM
ibm -- urbancode_deploy IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request. 2016-06-28 4.0 CVE-2016-0267
CONFIRM
ibm -- domino Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301. 2016-06-26 6.8 CVE-2016-0277
CONFIRM
ibm -- domino Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301. 2016-06-26 6.8 CVE-2016-0278
CONFIRM
ibm -- domino Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301. 2016-06-26 6.8 CVE-2016-0279
CONFIRM
ibm -- security_guardium Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL. 2016-06-28 4.0 CVE-2016-0298
CONFIRM
ibm -- domino Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279. 2016-06-26 6.8 CVE-2016-0301
CONFIRM
ibm -- domino The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920. 2016-06-28 6.8 CVE-2016-0304
CONFIRM
ibm -- business_process_manager IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call. 2016-06-29 4.0 CVE-2016-0349
CONFIRM
AIXAPAR
ibm -- tririga_application_platform IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, via a crafted proxy request to a web service. 2016-06-30 4.0 CVE-2016-0362
CONFIRM
ibm -- urbancode_deploy IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters. 2016-06-30 4.0 CVE-2016-0364
CONFIRM
ibm -- urbancode_deploy IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors. 2016-06-30 4.3 CVE-2016-0365
CONFIRM
ibm -- tririga_application_platform The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors. 2016-06-30 6.5 CVE-2016-0374
CONFIRM
ibm -- web_content_manager Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2016-06-25 6.8 CVE-2016-2901
CONFIRM
AIXAPAR
libexpat -- expat The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. 2016-06-30 6.8 CVE-2016-4472
CONFIRM
CONFIRM
UBUNTU
linux -- linux_kernel nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. 2016-06-29 4.9 CVE-2016-1237
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- linux_kernel-rt The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file. 2016-06-27 6.8 CVE-2016-3707
CONFIRM
MLIST
linux -- linux_kernel The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call. 2016-06-27 5.6 CVE-2016-3713
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. 2016-06-27 4.9 CVE-2016-4470
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- linux_kernel The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. 2016-06-27 5.0 CVE-2016-5244
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- linux_kernel Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability. 2016-06-27 5.6 CVE-2016-5728
CONFIRM
CONFIRM
CONFIRM
CONFIRM
schneider-electric -- powerlogic_pm8ecc_firmware Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-06-25 4.3 CVE-2016-4513
MISC
symantec -- endpoint_protection_manager Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request. 2016-06-30 4.0 CVE-2016-3647
CONFIRM
BID
symantec -- endpoint_protection_manager Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window. 2016-06-30 4.0 CVE-2016-3648
CONFIRM
BID
symantec -- endpoint_protection_manager Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests. 2016-06-30 4.0 CVE-2016-3649
CONFIRM
BID
symantec -- endpoint_protection_manager Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. 2016-06-30 4.0 CVE-2016-3650
CONFIRM
BID
symantec -- endpoint_protection_manager Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors. 2016-06-30 6.0 CVE-2016-3651
CONFIRM
BID
symantec -- endpoint_protection_manager Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users. 2016-06-30 6.0 CVE-2016-3653
CONFIRM
BID
symantec -- endpoint_protection_manager Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2016-06-30 4.9 CVE-2016-5304
CONFIRM
BID
symantec -- endpoint_protection_manager Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445. 2016-06-30 5.0 CVE-2016-5306
CONFIRM
BID
symantec -- endpoint_protection_manager Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors. 2016-06-30 4.0 CVE-2016-5307
CONFIRM
BID
thekelleys -- dnsmasq Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. 2016-06-30 5.0 CVE-2015-8899
UBUNTU
SECTRACK
MLIST
MLIST
CONFIRM
MLIST
MLIST
welcart -- e-commerce The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. 2016-06-25 6.8 CVE-2016-4825
CONFIRM
JVNDB
JVN
welcart -- e-commerce Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827. 2016-06-25 4.3 CVE-2016-4826
CONFIRM
JVNDB
JVN
welcart -- e-commerce Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826. 2016-06-25 4.3 CVE-2016-4827
CONFIRM
JVNDB
JVN
welcart -- e-commerce The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. 2016-06-25 6.4 CVE-2016-4828
CONFIRM
JVNDB
JVN
wordpress -- wordpress The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. 2016-06-29 5.0 CVE-2016-5832
CONFIRM
CONFIRM
wordpress -- wordpress Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834. 2016-06-29 4.3 CVE-2016-5833
CONFIRM
CONFIRM
CONFIRM
wordpress -- wordpress Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833. 2016-06-29 4.3 CVE-2016-5834
CONFIRM
CONFIRM
CONFIRM
wordpress -- wordpress WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php. 2016-06-29 5.0 CVE-2016-5835
CONFIRM
CONFIRM
CONFIRM
wordpress -- wordpress The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors. 2016-06-29 5.0 CVE-2016-5836
CONFIRM
CONFIRM
wordpress -- wordpress WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors. 2016-06-29 5.0 CVE-2016-5837
CONFIRM
CONFIRM
wordpress -- wordpress WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. 2016-06-29 5.0 CVE-2016-5838
CONFIRM
CONFIRM
wordpress -- wordpress WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors. 2016-06-29 5.0 CVE-2016-5839
CONFIRM
CONFIRM
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
advantech -- webaccess Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. 2016-06-24 3.3 CVE-2016-4525
MISC
alertus -- alertus_desktop_notification_for_os_x Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations. 2016-06-25 3.6 CVE-2016-5087
CONFIRM
CERT-VN
ca -- release_automation CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2016-06-28 3.6 CVE-2015-8698
CONFIRM
ibm -- websphere_mq runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp. 2016-06-26 2.1 CVE-2015-7473
CONFIRM
ibm -- websphere_mq runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands. 2016-06-26 2.1 CVE-2016-0259
CONFIRM
ibm -- connections Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML by uploading an HTML document. 2016-06-29 3.5 CVE-2016-0322
CONFIRM
AIXAPAR
lenovo -- solution_center The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary process via the PID argument. 2016-06-30 2.1 CVE-2016-5248
MISC
CONFIRM
linux -- linux_kernel The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call. 2016-06-27 2.1 CVE-2014-9903
CONFIRM
CONFIRM
linux -- linux_kernel The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. 2016-06-27 2.1 CVE-2016-5243
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
solarwinds -- virtualization_manager SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. 2016-06-24 1.9 CVE-2016-5709
FULLDISC
symantec -- endpoint_protection_manager Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device. 2016-06-30 3.3 CVE-2015-8801
CONFIRM
BID
symantec -- endpoint_protection_manager Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2016-06-30 3.5 CVE-2016-3652
CONFIRM
BID
symantec -- endpoint_protection_manager Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack. 2016-06-30 3.5 CVE-2016-5305
CONFIRM
BID
Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apple -- airport_base_station_firmware Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 2016-07-02 not yet calculated CVE-2015-7029
CONFIRM
APPLE
cisco -- cnap Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145. 2016-07-02 not yet calculated CVE-2016-1441
CISCO
cisco -- firepower Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. 2016-07-02 not yet calculated CVE-2016-1394
CISCO
cisco -- prime_collaboration_provisioning Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. 2016-07-02 not yet calculated CVE-2016-1416
CISCO
cisco -- prime_infrastructure Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488. 2016-07-02 not yet calculated CVE-2016-1408
CISCO
cisco -- prime_infrastructure The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231. 2016-07-02 not yet calculated CVE-2016-1289
CISCO
cisco -- web_security_appliance The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468. 2016-07-02 not yet calculated CVE-2016-1440
CISCO
flexera -- installanywhere Untrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file. 2016-07-02 not yet calculated CVE-2016-4560
CONFIRM
huawei -- fusion_compute Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets. 2016-06-30 not yet calculated CVE-2016-4057
CONFIRM
huawei -- hisuite Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. 2016-06-30 not yet calculated CVE-2016-4086
CONFIRM
ibm -- cognos_analytics IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL. 2016-07-02 not yet calculated CVE-2016-0398
CONFIRM
ibm -- infosphere_streams IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors. 2016-07-02 not yet calculated CVE-2016-2867
CONFIRM
ibm -- integration_bus The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace. 2016-07-02 not yet calculated CVE-2016-2961
CONFIRM
AIXAPAR
ibm -- maximo_asset_management Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-07-02 not yet calculated CVE-2016-0399
CONFIRM
ibm -- qradar Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL. 2016-07-02 not yet calculated CVE-2016-2872
CONFIRM
ibm -- qradar IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication and obtain sensitive information or modify data via unspecified vectors. 2016-07-02 not yet calculated CVE-2016-2968
CONFIRM
ibm -- qradar IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2016-07-02 not yet calculated CVE-2016-2868
CONFIRM
ibm -- tririga Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees. 2016-07-02 not yet calculated CVE-2016-0386
AIXAPAR
ibm -- tririga Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-07-02 not yet calculated CVE-2016-0387
CONFIRM
ibm -- tririga Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-07-02 not yet calculated CVE-2016-2883
CONFIRM
ibm -- tririga IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses. 2016-07-02 not yet calculated CVE-2016-2882
CONFIRM
ibm -- watson_developer_cloud The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. 2016-07-02 not yet calculated CVE-2016-0391
CONFIRM
ibm -- websphere_datapower Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors. 2016-07-02 not yet calculated CVE-2016-2870
CONFIRM
AIXAPAR
ibm -- websphere_extreme_scale CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. 2016-07-02 not yet calculated CVE-2016-0400
CONFIRM
AIXAPAR
AIXAPAR
ibm -- websphere_extreme_scale IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. 2016-07-02 not yet calculated CVE-2016-2861
CONFIRM
AIXAPAR
AIXAPAR
jgroups -- encrypt JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors. 2016-06-30 not yet calculated CVE-2016-2141
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
SECTRACK
lenovo -- bios_efi_driver Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors. 2016-06-30 not yet calculated CVE-2016-5729
CONFIRM
micro_focus -- rumba Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client. 2016-07-02 not yet calculated CVE-2016-1606
MISC
MISC
CONFIRM
micro_focus -- runba Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability. 2016-07-02 not yet calculated CVE-2016-5228
MISC
MISC
CONFIRM
npm -- cli The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. 2016-07-02 not yet calculated CVE-2016-3956
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpmyadmin -- examples/openid.php Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. 2016-07-02 not yet calculated CVE-2016-5731
CONFIRM
CONFIRM
CONFIRM
phpmyadmin -- js/get_scripts.js.php js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. 2016-07-02 not yet calculated CVE-2016-5706
CONFIRM
CONFIRM
phpmyadmin -- libraries/central_columns.lib.php SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. 2016-07-02 not yet calculated CVE-2016-5703
CONFIRM
CONFIRM
phpmyadmin -- libraries/header.php The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. 2016-07-02 not yet calculated CVE-2016-5739
CONFIRM
CONFIRM
CONFIRM
phpmyadmin -- phpmyadmin Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. 2016-07-02 not yet calculated CVE-2016-5704
CONFIRM
CONFIRM
phpmyadmin -- phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml. 2016-07-02 not yet calculated CVE-2016-5733
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpmyadmin -- phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation. 2016-07-02 not yet calculated CVE-2016-5705
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpmyadmin -- phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters. 2016-07-02 not yet calculated CVE-2016-5732
CONFIRM
CONFIRM
CONFIRM
phpmyadmin -- phpmyadmin phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message. 2016-07-02 not yet calculated CVE-2016-5730
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpmyadmin -- phpmyadmin phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation. 2016-07-02 not yet calculated CVE-2016-5734
CONFIRM
CONFIRM
CONFIRM
phpmyadmin -- phpmyadmin phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. 2016-07-02 not yet calculated CVE-2016-5702
CONFIRM
CONFIRM
phpmyadmin -- setup/frames/index.inc.php setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. 2016-07-02 not yet calculated CVE-2016-5701
CONFIRM
CONFIRM
redhat -- openstack_platform The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors. 2016-06-30 not yet calculated CVE-2016-4474
REDHAT
CONFIRM
REDHAT
symantec -- antivirus_decomposer Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file. 2016-06-30 not yet calculated CVE-2016-2210
CONFIRM
BID
symantec -- antivirus_decomposer Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file. 2016-06-30 not yet calculated CVE-2016-2209
CONFIRM
BID
symantec -- antivirus_decomposer Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to have an unspecified impact via crafted TNEF data. 2016-06-30 not yet calculated CVE-2016-3645
CONFIRM
BID
symantec -- antivirus_decomposer The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted RAR file that is mishandled during decompression. 2016-06-30 not yet calculated CVE-2016-2207
CONFIRM
BID
symantec -- antivirus_decomposer The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression. 2016-06-30 not yet calculated CVE-2016-3646
CONFIRM
BID
symantec -- antivirus_decomposer The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CAB file that is mishandled during decompression. 2016-06-30 not yet calculated CVE-2016-2211
CONFIRM
BID
symantec -- antivirus_decomposer The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message. 2016-06-30 not yet calculated CVE-2016-3644
CONFIRM
BID
vmware -- nsx_edge VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors. 2016-07-02 not yet calculated CVE-2016-2079
CONFIRM
vmware -- vcenter_server Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2016-07-02 not yet calculated CVE-2015-6931
CONFIRM
vmware -- vrealize_log_insight Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2016-07-02 not yet calculated CVE-2016-2082
CONFIRM
vmware -- vrealize_log_insight Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-07-02 not yet calculated CVE-2016-2081
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/29r6zKd

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.