SB16-179: Vulnerability Summary for the Week of June 20, 2016
Original release date: June 27, 2016
Back to top
Back to top
Back to top
Back to top
from US-CERT National Cyber Alert System http://ift.tt/28ZDItY
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- mac_os_x | The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846. | 2016-06-19 | 9.3 | CVE-2016-1861 CONFIRM APPLE |
| cisco -- rv110w_wireless-n_vpn_firewall_firmware | The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428. | 2016-06-18 | 10.0 | CVE-2016-1395 CISCO |
| dx_library_project -- dx_library | The printfDx function in Takumi Yamada DX Library for Borland C++ 3.13f through 3.16b, DX Library for Gnu C++ 3.13f through 3.16b, and DX Library for Visual C++ 3.13f through 3.16b allows remote attackers to execute arbitrary code via a crafted string. | 2016-06-18 | 7.5 | CVE-2016-4819 JVNDB JVN CONFIRM |
| emc -- data_domain | EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges. | 2016-06-19 | 7.2 | CVE-2016-0911 BUGTRAQ |
| emc -- data_domain | EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation. | 2016-06-19 | 9.0 | CVE-2016-0912 BUGTRAQ |
| fonality -- fonality | Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection. | 2016-06-19 | 10.0 | CVE-2016-2362 CERT-VN |
| fonality -- fonality | Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account. | 2016-06-19 | 7.2 | CVE-2016-2363 CERT-VN |
| netcommons -- netcommons | NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account. | 2016-06-18 | 9.0 | CVE-2016-4813 CONFIRM JVNDB JVN |
| openssl -- openssl | OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. | 2016-06-19 | 7.5 | CVE-2016-2177 CONFIRM CONFIRM |
| solarwinds -- virtualization_manager | The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 2016-06-17 | 10.0 | CVE-2016-3642 FULLDISC FULLDISC MISC |
| solarwinds -- virtualization_manager | SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd." | 2016-06-17 | 7.2 | CVE-2016-3643 FULLDISC MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- mac_os_x | Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862. | 2016-06-19 | 4.3 | CVE-2016-1860 CONFIRM APPLE |
| apple -- mac_os_x | Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860. | 2016-06-19 | 4.3 | CVE-2016-1862 CONFIRM APPLE |
| apple -- safari | The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL. | 2016-06-19 | 5.0 | CVE-2016-1864 CONFIRM CONFIRM APPLE APPLE |
| buffalo -- wzr-600dhp2_firmware | Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 2016-06-18 | 5.0 | CVE-2016-4815 CONFIRM JVNDB JVN |
| buffalo -- wzr-600dhp2_firmware | BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. | 2016-06-18 | 4.3 | CVE-2016-4816 CONFIRM JVNDB JVN |
| cisco -- ios | Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476. | 2016-06-22 | 5.0 | CVE-2015-6289 CISCO |
| cisco -- rv110w_wireless-n_vpn_firewall_firmware | Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583. | 2016-06-18 | 4.3 | CVE-2016-1396 CISCO |
| cisco -- rv110w_wireless-n_vpn_firewall_firmware | Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523. | 2016-06-18 | 6.8 | CVE-2016-1397 CISCO |
| cisco -- ios | Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. | 2016-06-18 | 6.1 | CVE-2016-1424 CISCO |
| cisco -- prime_network_registrar | The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694. | 2016-06-17 | 5.0 | CVE-2016-1427 CISCO |
| cisco -- ios_xe | Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174. | 2016-06-22 | 6.8 | CVE-2016-1428 CISCO |
| cisco -- firepower_management_center | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516. | 2016-06-17 | 4.3 | CVE-2016-1431 CISCO |
| cisco -- ios_xe | Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862. | 2016-06-17 | 6.8 | CVE-2016-1432 CISCO |
| cisco -- ip_phone_8800_series_firmware | The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. | 2016-06-22 | 4.0 | CVE-2016-1434 CISCO |
| cisco -- ip_phone_8800_series_firmware | Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. | 2016-06-22 | 6.2 | CVE-2016-1435 CISCO |
| cisco -- asr_5000_software | The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198. | 2016-06-22 | 5.0 | CVE-2016-1436 CISCO |
| cisco -- prime_collaboration_deployment | SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549. | 2016-06-22 | 4.0 | CVE-2016-1437 CISCO |
| cisco -- asyncos | Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210. | 2016-06-22 | 5.0 | CVE-2016-1438 CISCO |
| cisco -- unified_contact_center_enterprise | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650. | 2016-06-22 | 4.3 | CVE-2016-1439 CISCO |
| citrix -- ios_receiver | Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. | 2016-06-17 | 5.8 | CVE-2016-5433 CONFIRM |
| cybozu -- garoon | Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196. | 2016-06-19 | 4.3 | CVE-2015-7776 CONFIRM CONFIRM CONFIRM CONFIRM JVNDB JVN |
| cybozu -- garoon | Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. | 2016-06-19 | 5.0 | CVE-2016-1191 CONFIRM JVNDB JVN |
| cybozu -- garoon | Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. | 2016-06-19 | 4.0 | CVE-2016-1192 CONFIRM JVNDB JVN |
| cybozu -- garoon | Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | 2016-06-19 | 5.8 | CVE-2016-1195 CONFIRM JVNDB JVN |
| cybozu -- garoon | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. | 2016-06-19 | 4.0 | CVE-2016-1196 CONFIRM JVNDB JVN |
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775. | 2016-06-19 | 4.3 | CVE-2016-1197 CONFIRM JVNDB JVN |
| emc -- documentum_administrator | EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface. | 2016-06-22 | 6.5 | CVE-2016-0914 BUGTRAQ |
| fonality -- fonality | The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 2016-06-19 | 5.0 | CVE-2016-2364 CERT-VN |
| gsi -- old_gsi_maps | Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors. | 2016-06-18 | 5.0 | CVE-2016-4814 CONFIRM JVNDB JVN |
| h2o_project -- h2o | lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet. | 2016-06-18 | 5.0 | CVE-2016-4817 CONFIRM CONFIRM JVNDB JVN |
| hp -- service_manager | HP Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components. | 2016-06-18 | 6.0 | CVE-2016-4371 CONFIRM |
| ibm -- elastic_storage_server | IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program. | 2016-06-19 | 4.6 | CVE-2016-0392 AIXAPAR CONFIRM |
| iodata -- etx-r_firmware | Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. | 2016-06-18 | 6.8 | CVE-2016-4820 CONFIRM JVNDB JVN |
| iodata -- etx-r_firmware | I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. | 2016-06-18 | 5.0 | CVE-2016-4821 CONFIRM JVNDB JVN |
| moxa -- pt-7728_firmware | Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy. | 2016-06-19 | 4.6 | CVE-2016-4514 MISC |
| netgear -- d3600_firmware | NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 2016-06-19 | 4.3 | CVE-2015-8288 CERT-VN CONFIRM |
| netgear -- d3600_firmware | The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code. | 2016-06-19 | 4.3 | CVE-2015-8289 CERT-VN CONFIRM |
| ntt-bp -- japan_connected-free_wi-fi | The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and 1.13.0 and earlier for iOS allows man-in-the-middle attackers to obtain API access via unspecified vectors. | 2016-06-19 | 5.1 | CVE-2016-4811 CONFIRM CONFIRM JVNDB JVN CONFIRM |
| nttdata -- terasoluna_server_framework_for_java_web | NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname. | 2016-06-18 | 4.3 | CVE-2016-1183 CONFIRM JVNDB JVN |
| openstack -- neutron | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. | 2016-06-17 | 6.4 | CVE-2015-8914 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST |
| openstack -- neutron | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. | 2016-06-17 | 6.4 | CVE-2016-5362 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST |
| openstack -- neutron | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic. | 2016-06-17 | 6.4 | CVE-2016-5363 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST |
| osisoft -- pi_af_server_2016 | OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. | 2016-06-19 | 4.0 | CVE-2016-4518 MISC CONFIRM |
| oslsoft -- pi_sql_data_access_server_2016 | OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message. | 2016-06-19 | 4.0 | CVE-2016-4530 MISC CONFIRM |
| trend_micro -- business_security | Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. | 2016-06-18 | 5.0 | CVE-2016-1223 JVNDB JVN CONFIRM |
| trend_micro -- business_security | CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. | 2016-06-18 | 4.3 | CVE-2016-1224 JVNDB JVN CONFIRM |
| trendmicro -- internet_security | Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. | 2016-06-19 | 5.0 | CVE-2016-1225 CONFIRM JVNDB JVN |
| trendmicro -- internet_security | Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-06-19 | 4.3 | CVE-2016-1226 CONFIRM JVNDB JVN |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cybozu -- garoon | Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197. | 2016-06-19 | 3.5 | CVE-2015-7775 CONFIRM JVNDB JVN |
| ibm -- websphere_mq | IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program. | 2016-06-19 | 2.1 | CVE-2015-7462 CONFIRM |
| openssl -- openssl | The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | 2016-06-19 | 2.1 | CVE-2016-2178 CONFIRM CONFIRM MLIST MLIST MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| advantech -- webaccess | Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. | 2016-06-24 | not yet calculated | CVE-2016-4528 MISC |
| advantech -- webaccess | Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. | 2016-06-24 | not yet calculated | CVE-2016-4525 MISC |
| alertus -- desktop_notification | Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations. | 2016-06-25 | not yet calculated | CVE-2016-5087 CONFIRM CERT-VN |
| apple -- mdnsresponder | Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function. | 2016-06-25 | not yet calculated | CVE-2015-7987 CERT-VN CONFIRM |
| apple -- mdnsresponder | The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. | 2016-06-25 | CVE-2015-7988 CERT-VN CONFIRM | |
| corega -- cg_wlbaragm | Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors. | 2016-06-25 | not yet calculated | CVE-2016-4823 JVNDB JVN CONFIRM |
| corega -- cg_wlbargl | Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors. | 2016-06-25 | not yet calculated | CVE-2016-4822 JVNDB JVN CONFIRM |
| corega -- wifi | The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack. | 2016-06-25 | not yet calculated | CVE-2016-4824 JVNDB JVN CONFIRM |
| curl -- libcurl | Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. | 2016-06-24 | not yet calculated | CVE-2016-4802 CONFIRM SECTRACK |
| cybozu -- garoon | Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. | 2016-06-25 | not yet calculated | CVE-2016-1190 CONFIRM CONFIRM JVNDB JVN |
| cybozu -- garoon | Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. | 2016-06-25 | not yet calculated | CVE-2016-1193 CONFIRM JVNDB JVN |
| cybozu -- garoon | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. | 2016-06-25 | not yet calculated | CVE-2016-1189 CONFIRM CONFIRM JVNDB JVN |
| cybozu -- garoon | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. | 2016-06-25 | not yet calculatednot yet calculated | CVE-2016-1188 CONFIRM CONFIRM JVNDB JVN |
| f5 -- icontrol_rest | The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors. | 2016-06-24 | not yet calculated | CVE-2016-5021 CONFIRM |
| huawei -- fusioninsight | Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors. | 2016-06-24 | not yet calculated | CVE-2016-5723 CONFIRM |
| huawei -- ips_module | Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet. | 2016-06-24 | not yet calculated | CVE-2016-5435 CONFIRM |
| ibm -- websphere_portal | Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2016-06-25 | not yet calculated | CVE-2016-2901 CONFIRM AIXAPAR |
| oceanstor -- oceanstor | OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network. | 2016-06-24 | not yet calculated | CVE-2016-5722 CONFIRM |
| schneider -- powerlogic | Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-06-25 | not yet calculated | CVE-2016-4513 MISC |
| solarwinds -- virtualization_ manager | SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. | 2016-06-24 | not yet calculated | CVE-2016-5709 FULLDISC |
| unitronics -- visilogic | Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file. | 2016-06-24 | not yet calculated | CVE-2016-4519 MISC MISC |
| wordpress -- e-commerce_plugin | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826. | 2016-06-25 | not yet calculated | CVE-2016-4827 CONFIRM JVNDB JVN |
| wordpress -- e-commerce_plugin | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827. | 2016-06-25 | not yet calculated | CVE-2016-4826 CONFIRM JVNDB JVN |
| wordpress -- e_commerce_plugin | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. | 2016-06-25 | not yet calculated | CVE-2016-4825 CONFIRM JVNDB JVN |
| wordpress -- e-commerce_plugin | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. | 2016-06-25 | not yet calculated | CVE-2016-4828 CONFIRM JVNDB JVN |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT National Cyber Alert System http://ift.tt/28ZDItY