Monday, December 5, 2016

SB16-340: Vulnerability Summary for the Week of November 28, 2016

Original release date: December 05, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
bmc -- patrol In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to elevate their privileges to root. 2016-12-02 7.2 CVE-2016-9638
MISC
canonical -- ubuntu_linux The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace. 2016-11-27 7.2 CVE-2015-1328
MLIST
EXPLOIT-DB
BID
CONFIRM
CONFIRM
dell -- idrac7_firmware Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. 2016-11-29 9.0 CVE-2016-5685
MISC
BID
exponentcms -- exponent_cms In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection. 2016-11-29 7.5 CVE-2016-9481
MISC
BID
google -- android An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30916186. 2016-11-25 9.3 CVE-2016-6700
BID
CONFIRM
google -- android An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30229821. 2016-11-25 9.3 CVE-2016-6704
BID
CONFIRM
google -- android An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30907212. 2016-11-25 9.3 CVE-2016-6705
BID
CONFIRM
google -- android An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622. 2016-11-25 9.3 CVE-2016-6707
BID
CONFIRM
google -- android A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30822755. 2016-11-25 7.1 CVE-2016-6713
BID
CONFIRM
google -- android A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31092462. 2016-11-25 7.1 CVE-2016-6714
BID
CONFIRM
google -- android An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability. Android ID: A-31350239. 2016-11-25 7.6 CVE-2016-6717
BID
CONFIRM
google -- android A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to cause the device to continually reboot. This issue is rated as Moderate because it is a temporary denial of service that requires a factory reset to fix. Android ID: A-30568284. 2016-11-25 7.1 CVE-2016-6724
BID
CONFIRM
google -- android A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Android ID: A-30515053. References: Qualcomm QC-CR#1050970. 2016-11-25 10.0 CVE-2016-6725
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30400942. 2016-11-25 9.3 CVE-2016-6728
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684. 2016-11-25 9.3 CVE-2016-6729
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30904789. References: NVIDIA N-CVE-2016-6730. 2016-11-25 9.3 CVE-2016-6730
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906023. References: NVIDIA N-CVE-2016-6731. 2016-11-25 9.3 CVE-2016-6731
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906599. References: NVIDIA N-CVE-2016-6732. 2016-11-25 9.3 CVE-2016-6732
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906694. References: NVIDIA N-CVE-2016-6733. 2016-11-25 9.3 CVE-2016-6733
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907120. References: NVIDIA N-CVE-2016-6734. 2016-11-25 9.3 CVE-2016-6734
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907701. References: NVIDIA N-CVE-2016-6735. 2016-11-25 9.3 CVE-2016-6735
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30953284. References: NVIDIA N-CVE-2016-6736. 2016-11-25 9.3 CVE-2016-6736
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30928456. 2016-11-25 9.3 CVE-2016-6737
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the Qualcomm crypto engine driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30034511. References: Qualcomm QC-CR#1050538. 2016-11-25 9.3 CVE-2016-6738
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30074605. References: Qualcomm QC-CR#1049826. 2016-11-25 9.3 CVE-2016-6739
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30143904. References: Qualcomm QC-CR#1056307. 2016-11-25 9.3 CVE-2016-6740
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30559423. References: Qualcomm QC-CR#1060554. 2016-11-25 9.3 CVE-2016-6741
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30799828. 2016-11-25 9.3 CVE-2016-6742
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30937462. 2016-11-25 9.3 CVE-2016-6743
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30970485. 2016-11-25 9.3 CVE-2016-6744
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-31252388. 2016-11-25 9.3 CVE-2016-6745
BID
CONFIRM
google -- android A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31244612. References: NVIDIA N-CVE-2016-6747. 2016-11-25 7.1 CVE-2016-6747
BID
CONFIRM
ibm -- qradar_security_information_and_event_manager IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue. 2016-11-30 8.5 CVE-2016-2876
CONFIRM
ibm -- tivoli_monitoring Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to gain privileges via unspecified vectors. 2016-12-01 7.2 CVE-2016-2946
AIXAPAR
CONFIRM
BID
linux -- linux_kernel The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. 2016-11-27 7.2 CVE-2016-8632
MLIST
BID
CONFIRM
MLIST
linux -- linux_kernel drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug." 2016-11-27 7.2 CVE-2016-9083
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type. 2016-11-27 9.3 CVE-2016-9313
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
linux -- linux_kernel The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. 2016-11-27 10.0 CVE-2016-9555
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels. 2016-11-27 9.3 CVE-2016-9644
MLIST
BID
CONFIRM
nginx -- nginx The nginx package before 1.6.2-5+deb8u3 on Debian jessie and the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10 allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. 2016-11-29 7.2 CVE-2016-1247
MISC
FULLDISC
DEBIAN
BUGTRAQ
BID
SECTRACK
UBUNTU
MISC
EXPLOIT-DB
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apache -- hadoop In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service. 2016-11-29 6.5 CVE-2016-5393
CONFIRM
BID
b2evolution -- b2evolution The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request. 2016-12-02 5.0 CVE-2016-9479
CONFIRM
CONFIRM
boa -- boa Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters. 2016-11-30 5.0 CVE-2016-9564
MISC
BID
dbd-mysql_project -- dbd-mysql There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1. 2016-11-29 6.8 CVE-2016-1251
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
drupal -- drupal The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags. 2016-11-25 4.0 CVE-2016-9449
BID
CONFIRM
drupal -- drupal The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context. 2016-11-25 5.0 CVE-2016-9450
BID
CONFIRM
drupal -- drupal Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors. 2016-11-25 4.9 CVE-2016-9451
BID
CONFIRM
drupal -- drupal The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL. 2016-11-25 4.3 CVE-2016-9452
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30311977. References: Qualcomm QC-CR#1050455. 2016-11-25 6.8 CVE-2016-3904
BID
CONFIRM
google -- android An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30445973. References: Qualcomm QC-CR#1054344. 2016-11-25 4.3 CVE-2016-3906
BID
CONFIRM
google -- android An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30593266. References: Qualcomm QC-CR#1054352. 2016-11-25 4.3 CVE-2016-3907
BID
CONFIRM
google -- android An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30741851. References: Qualcomm QC-CR#1058826. 2016-11-25 4.3 CVE-2016-6698
BID
CONFIRM
google -- android A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process. Android ID: A-30190637. 2016-11-25 6.8 CVE-2016-6701
BID
CONFIRM
google -- android A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087. 2016-11-25 6.8 CVE-2016-6702
BID
CONFIRM
google -- android A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Android runtime. Android ID: A-30765246. 2016-11-25 6.8 CVE-2016-6703
BID
CONFIRM
google -- android An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High because it could be used to access data without permission. Android ID: A-31081987. 2016-11-25 4.3 CVE-2016-6709
BID
CONFIRM
google -- android An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Android ID: A-30537115. 2016-11-25 4.3 CVE-2016-6710
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local malicious application to record audio without the user's permission. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29833954. 2016-11-25 4.3 CVE-2016-6715
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the user's consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Android ID: A-30778130. 2016-11-25 4.3 CVE-2016-6716
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11-01 could enable a local malicious application to retrieve sensitive information without user interaction. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-30455516. 2016-11-25 4.3 CVE-2016-6718
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29043989. 2016-11-25 4.3 CVE-2016-6719
BID
CONFIRM
google -- android An information disclosure vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Android ID: A-30875060. 2016-11-25 4.3 CVE-2016-6721
BID
CONFIRM
google -- android A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Android ID: A-30100884. 2016-11-25 5.4 CVE-2016-6723
BID
CONFIRM
google -- android An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Android ID: A-30955105. References: NVIDIA N-CVE-2016-6746. 2016-11-25 4.3 CVE-2016-6746
BID
CONFIRM
google -- android An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30076504. References: Qualcomm QC-CR#987018. 2016-11-25 4.3 CVE-2016-6748
BID
CONFIRM
google -- android An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30228438. References: Qualcomm QC-CR#1052818. 2016-11-25 4.3 CVE-2016-6749
BID
CONFIRM
google -- android An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30312054. References: Qualcomm QC-CR#1052825. 2016-11-25 4.3 CVE-2016-6750
BID
CONFIRM
google -- android An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30902162. References: Qualcomm QC-CR#1062271. 2016-11-25 4.3 CVE-2016-6751
BID
CONFIRM
google -- android An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-31498159. References: Qualcomm QC-CR#987051. 2016-11-25 4.3 CVE-2016-6752
BID
CONFIRM
google -- android An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30149174. 2016-11-25 4.3 CVE-2016-6753
BID
CONFIRM
google -- android A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937. 2016-11-25 6.8 CVE-2016-6754
BID
CONFIRM
ibm -- jazz_reporting_service Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors. 2016-11-25 4.3 CVE-2016-0317
CONFIRM
BID
ibm -- jazz_reporting_service Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation. 2016-11-25 6.0 CVE-2016-0318
CONFIRM
BID
ibm -- jazz_reporting_service The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2016-11-25 5.0 CVE-2016-0319
CONFIRM
BID
ibm -- qradar_security_information_and_event_manager IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file. 2016-11-30 4.6 CVE-2016-2871
CONFIRM
ibm -- qradar_security_information_and_event_manager SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2016-11-30 6.5 CVE-2016-2873
CONFIRM
ibm -- qradar_security_information_and_event_manager Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2016-11-30 6.0 CVE-2016-2878
CONFIRM
ibm -- qradar_security_information_and_event_manager IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters. 2016-11-30 6.4 CVE-2016-2881
CONFIRM
ibm -- forms_experience_builder Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2016-11-30 6.0 CVE-2016-2884
AIXAPAR
CONFIRM
ibm -- ims_enterprise_suite IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. 2016-11-30 5.5 CVE-2016-2887
CONFIRM
BID
ibm -- tririga_application_platform The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via unspecified vectors. 2016-11-30 6.5 CVE-2016-2917
AIXAPAR
CONFIRM
ibm -- bigfix_remote_control IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data. 2016-11-25 4.3 CVE-2016-2927
AIXAPAR
CONFIRM
BID
ibm -- bigfix_remote_control IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs. 2016-11-25 4.0 CVE-2016-2928
AIXAPAR
CONFIRM
BID
ibm -- bigfix_remote_control IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach. 2016-11-25 4.3 CVE-2016-2929
AIXAPAR
CONFIRM
BID
ibm -- bigfix_remote_control IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network. 2016-11-30 5.0 CVE-2016-2931
AIXAPAR
CONFIRM
ibm -- bigfix_remote_control IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors. 2016-11-30 5.0 CVE-2016-2932
AIXAPAR
CONFIRM
ibm -- bigfix_remote_control Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request. 2016-11-30 6.8 CVE-2016-2933
AIXAPAR
CONFIRM
ibm -- bigfix_remote_control Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-11-30 4.3 CVE-2016-2934
AIXAPAR
CONFIRM
ibm -- bigfix_remote_control The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request. 2016-11-30 5.0 CVE-2016-2935
AIXAPAR
CONFIRM
ibm -- bigfix_remote_control IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. 2016-11-30 5.0 CVE-2016-2936
AIXAPAR
CONFIRM
ibm -- bigfix_remote_control IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerability." 2016-11-30 6.4 CVE-2016-2937
AIXAPAR
CONFIRM
ibm -- bigfix_remote_control Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. 2016-11-30 5.0 CVE-2016-2940
AIXAPAR
CONFIRM
BID
ibm -- bigfix_remote_control IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. 2016-11-30 5.0 CVE-2016-2944
AIXAPAR
CONFIRM
BID
ibm -- bigfix_remote_control IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. 2016-11-30 4.6 CVE-2016-2948
AIXAPAR
CONFIRM
BID
ibm -- bigfix_remote_control SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2016-11-30 4.0 CVE-2016-2950
AIXAPAR
CONFIRM
BID
ibm -- bigfix_remote_control IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data. 2016-11-30 4.3 CVE-2016-2951
AIXAPAR
CONFIRM
BID
ibm -- bigfix_remote_control IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. 2016-11-30 4.3 CVE-2016-2952
AIXAPAR
CONFIRM
BID
ibm -- connections IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. 2016-11-30 4.3 CVE-2016-2953
AIXAPAR
AIXAPAR
CONFIRM
BID
ibm -- connections IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response. 2016-11-30 4.0 CVE-2016-2957
AIXAPAR
CONFIRM
BID
ibm -- connections IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response. 2016-11-30 4.0 CVE-2016-2958
AIXAPAR
CONFIRM
BID
ibm -- bigfix_remote_control Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2016-11-30 6.8 CVE-2016-2963
AIXAPAR
CONFIRM
BID
ibm -- connections Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications. 2016-11-30 4.9 CVE-2016-3004
AIXAPAR
CONFIRM
BID
ibm -- api_connect IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials. 2016-12-01 5.0 CVE-2016-3012
CONFIRM
BID
ibm -- appscan_source IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2016-12-01 5.5 CVE-2016-3033
CONFIRM
BID
ibm -- filenet_workplace Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2016-12-01 4.9 CVE-2016-3047
CONFIRM
ibm -- filenet_workplace IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2016-12-01 5.5 CVE-2016-3055
CONFIRM
BID
ibm -- sterling_b2b_integrator Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-11-30 4.3 CVE-2016-3057
AIXAPAR
CONFIRM
BID
ibm -- maximo_asset_management IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message. 2016-11-30 5.0 CVE-2016-5987
CONFIRM
BID
libdwarf_project -- libdwarf libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006. 2016-11-29 6.4 CVE-2016-9480
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c. 2016-11-27 4.9 CVE-2015-8970
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. 2016-11-27 4.9 CVE-2016-8630
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
linux -- linux_kernel drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. 2016-11-27 6.2 CVE-2016-8633
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
MISC
CONFIRM
linux -- linux_kernel The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. 2016-11-27 4.9 CVE-2016-8645
CONFIRM
CONFIRM
MLIST
MLIST
BID
CONFIRM
CONFIRM
linux -- linux_kernel The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. 2016-11-27 4.9 CVE-2016-8646
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
linux -- linux_kernel The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. 2016-11-27 4.9 CVE-2016-8650
CONFIRM
FULLDISC
MLIST
BID
CONFIRM
CONFIRM
linux -- linux_kernel drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. 2016-11-27 4.6 CVE-2016-9084
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. 2016-11-27 4.9 CVE-2016-9191
MLIST
BID
CONFIRM
microfocus -- host_access_management_and_security_server Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14. 2016-11-29 4.3 CVE-2016-5765
CONFIRM
BID
piwigo -- piwigo Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. 2016-12-01 4.3 CVE-2016-9751
CONFIRM
s9y -- serendipity In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. 2016-12-01 5.0 CVE-2016-9752
BID
CONFIRM
CONFIRM
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
google -- android An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or security setting modifications. Android ID: A-30693465. 2016-11-25 2.1 CVE-2016-6708
BID
CONFIRM
ibm -- jazz_reporting_service Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-11-25 3.5 CVE-2016-0316
CONFIRM
BID
ibm -- qradar_security_information_and_event_manager Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML via crafted fields in a URL. 2016-11-30 3.5 CVE-2016-2869
CONFIRM
ibm -- qradar_security_information_and_event_manager IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors. 2016-11-30 3.5 CVE-2016-2874
CONFIRM
ibm -- qradar_security_information_and_event_manager IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file. 2016-11-30 2.1 CVE-2016-2877
CONFIRM
ibm -- rational_collaborative_lifecycle_management Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-11-25 3.5 CVE-2016-2926
CONFIRM
BID
ibm -- bigfix_remote_control IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file. 2016-11-30 1.9 CVE-2016-2943
AIXAPAR
CONFIRM
BID
ibm -- bigfix_remote_control IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session. 2016-11-30 2.1 CVE-2016-2949
AIXAPAR
CONFIRM
BID
ibm -- connections Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2016-12-01 3.5 CVE-2016-2955
CONFIRM
BID
ibm -- lotus_protector_for_mail_security Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 before 2.8.1.0-22115 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2016-12-01 3.5 CVE-2016-2991
CONFIRM
BID
ibm -- urbancode_deploy Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2016-12-01 3.5 CVE-2016-2994
CONFIRM
ibm -- connections IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device. 2016-11-30 2.1 CVE-2016-3002
AIXAPAR
CONFIRM
BID
ibm -- connections Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page. 2016-11-30 3.5 CVE-2016-3009
AIXAPAR
CONFIRM
BID
ibm -- rational_collaborative_lifecycle_management Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2016-11-30 3.5 CVE-2016-3014
CONFIRM
BID
ibm -- sterling_b2b_integrator IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. 2016-11-30 3.5 CVE-2016-5890
AIXAPAR
CONFIRM
BID
ibm -- maximo_asset_management Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2016-11-30 3.5 CVE-2016-5905
CONFIRM
BID
linux -- linux_kernel The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call. 2016-11-27 2.1 CVE-2016-9178
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
alcatel-lucent -- omnivista Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server." 2016-12-03 not yet calculated CVE-2016-9796
MISC
MISC
MISC
bluez -- bluez In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. 2016-12-03 not yet calculated CVE-2016-9802
MISC
bluez -- bluez In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. 2016-12-03 not yet calculated CVE-2016-9797
MISC
bluez -- bluez In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. 2016-12-03 not yet calculated CVE-2016-9804
MISC
bluez -- bluez In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter. 2016-12-03 not yet calculated CVE-2016-9800
MISC
bluez -- bluez In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. 2016-12-03 not yet calculated CVE-2016-9799
MISC
bluez -- bluez In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file. 2016-12-03 not yet calculated CVE-2016-9801
MISC
bluez -- bluez In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. 2016-12-03 not yet calculated CVE-2016-9798
MISC
bluez -- bluez In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed. 2016-12-03 not yet calculated CVE-2016-9803
MISC
ibm -- powerkvm The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors. 2016-12-01 not yet calculated CVE-2016-3044
CONFIRM
BID
lenovo -- notebook_and_thinkserver A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system. 2016-11-29 not yet calculated CVE-2016-8224
BID
CONFIRM
lenovo -- system_interface_software During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges. 2016-11-29 not yet calculated CVE-2016-8223
BID
CONFIRM
lenovo -- thinkpad A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability. 2016-11-30 not yet calculated CVE-2016-8222
BID
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2gHxRO8

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.