SB16-340: Vulnerability Summary for the Week of November 28, 2016
Original release date: December 05, 2016
Back to top
Back to top
Back to top
Back to top
from US-CERT National Cyber Alert System http://ift.tt/2gHxRO8
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| bmc -- patrol | In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to elevate their privileges to root. | 2016-12-02 | 7.2 | CVE-2016-9638 MISC |
| canonical -- ubuntu_linux | The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace. | 2016-11-27 | 7.2 | CVE-2015-1328 MLIST EXPLOIT-DB BID CONFIRM CONFIRM |
| dell -- idrac7_firmware | Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | 2016-11-29 | 9.0 | CVE-2016-5685 MISC BID |
| exponentcms -- exponent_cms | In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection. | 2016-11-29 | 7.5 | CVE-2016-9481 MISC BID |
| google -- android | An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30916186. | 2016-11-25 | 9.3 | CVE-2016-6700 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30229821. | 2016-11-25 | 9.3 | CVE-2016-6704 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30907212. | 2016-11-25 | 9.3 | CVE-2016-6705 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622. | 2016-11-25 | 9.3 | CVE-2016-6707 BID CONFIRM |
| google -- android | A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30822755. | 2016-11-25 | 7.1 | CVE-2016-6713 BID CONFIRM |
| google -- android | A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31092462. | 2016-11-25 | 7.1 | CVE-2016-6714 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability. Android ID: A-31350239. | 2016-11-25 | 7.6 | CVE-2016-6717 BID CONFIRM |
| google -- android | A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to cause the device to continually reboot. This issue is rated as Moderate because it is a temporary denial of service that requires a factory reset to fix. Android ID: A-30568284. | 2016-11-25 | 7.1 | CVE-2016-6724 BID CONFIRM |
| google -- android | A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Android ID: A-30515053. References: Qualcomm QC-CR#1050970. | 2016-11-25 | 10.0 | CVE-2016-6725 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30400942. | 2016-11-25 | 9.3 | CVE-2016-6728 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684. | 2016-11-25 | 9.3 | CVE-2016-6729 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30904789. References: NVIDIA N-CVE-2016-6730. | 2016-11-25 | 9.3 | CVE-2016-6730 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906023. References: NVIDIA N-CVE-2016-6731. | 2016-11-25 | 9.3 | CVE-2016-6731 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906599. References: NVIDIA N-CVE-2016-6732. | 2016-11-25 | 9.3 | CVE-2016-6732 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906694. References: NVIDIA N-CVE-2016-6733. | 2016-11-25 | 9.3 | CVE-2016-6733 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907120. References: NVIDIA N-CVE-2016-6734. | 2016-11-25 | 9.3 | CVE-2016-6734 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907701. References: NVIDIA N-CVE-2016-6735. | 2016-11-25 | 9.3 | CVE-2016-6735 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30953284. References: NVIDIA N-CVE-2016-6736. | 2016-11-25 | 9.3 | CVE-2016-6736 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30928456. | 2016-11-25 | 9.3 | CVE-2016-6737 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Qualcomm crypto engine driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30034511. References: Qualcomm QC-CR#1050538. | 2016-11-25 | 9.3 | CVE-2016-6738 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30074605. References: Qualcomm QC-CR#1049826. | 2016-11-25 | 9.3 | CVE-2016-6739 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30143904. References: Qualcomm QC-CR#1056307. | 2016-11-25 | 9.3 | CVE-2016-6740 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30559423. References: Qualcomm QC-CR#1060554. | 2016-11-25 | 9.3 | CVE-2016-6741 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30799828. | 2016-11-25 | 9.3 | CVE-2016-6742 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30937462. | 2016-11-25 | 9.3 | CVE-2016-6743 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30970485. | 2016-11-25 | 9.3 | CVE-2016-6744 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-31252388. | 2016-11-25 | 9.3 | CVE-2016-6745 BID CONFIRM |
| google -- android | A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31244612. References: NVIDIA N-CVE-2016-6747. | 2016-11-25 | 7.1 | CVE-2016-6747 BID CONFIRM |
| ibm -- qradar_security_information_and_event_manager | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue. | 2016-11-30 | 8.5 | CVE-2016-2876 CONFIRM |
| ibm -- tivoli_monitoring | Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to gain privileges via unspecified vectors. | 2016-12-01 | 7.2 | CVE-2016-2946 AIXAPAR CONFIRM BID |
| linux -- linux_kernel | The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. | 2016-11-27 | 7.2 | CVE-2016-8632 MLIST BID CONFIRM MLIST |
| linux -- linux_kernel | drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug." | 2016-11-27 | 7.2 | CVE-2016-9083 CONFIRM MLIST BID CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type. | 2016-11-27 | 9.3 | CVE-2016-9313 CONFIRM CONFIRM MLIST BID CONFIRM |
| linux -- linux_kernel | The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. | 2016-11-27 | 10.0 | CVE-2016-9555 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels. | 2016-11-27 | 9.3 | CVE-2016-9644 MLIST BID CONFIRM |
| nginx -- nginx | The nginx package before 1.6.2-5+deb8u3 on Debian jessie and the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10 allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. | 2016-11-29 | 7.2 | CVE-2016-1247 MISC FULLDISC DEBIAN BUGTRAQ BID SECTRACK UBUNTU MISC EXPLOIT-DB |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- hadoop | In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service. | 2016-11-29 | 6.5 | CVE-2016-5393 CONFIRM BID |
| b2evolution -- b2evolution | The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request. | 2016-12-02 | 5.0 | CVE-2016-9479 CONFIRM CONFIRM |
| boa -- boa | Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters. | 2016-11-30 | 5.0 | CVE-2016-9564 MISC BID |
| dbd-mysql_project -- dbd-mysql | There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1. | 2016-11-29 | 6.8 | CVE-2016-1251 CONFIRM BID CONFIRM CONFIRM CONFIRM |
| drupal -- drupal | The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags. | 2016-11-25 | 4.0 | CVE-2016-9449 BID CONFIRM |
| drupal -- drupal | The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context. | 2016-11-25 | 5.0 | CVE-2016-9450 BID CONFIRM |
| drupal -- drupal | Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors. | 2016-11-25 | 4.9 | CVE-2016-9451 BID CONFIRM |
| drupal -- drupal | The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL. | 2016-11-25 | 4.3 | CVE-2016-9452 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30311977. References: Qualcomm QC-CR#1050455. | 2016-11-25 | 6.8 | CVE-2016-3904 BID CONFIRM |
| google -- android | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30445973. References: Qualcomm QC-CR#1054344. | 2016-11-25 | 4.3 | CVE-2016-3906 BID CONFIRM |
| google -- android | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30593266. References: Qualcomm QC-CR#1054352. | 2016-11-25 | 4.3 | CVE-2016-3907 BID CONFIRM |
| google -- android | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30741851. References: Qualcomm QC-CR#1058826. | 2016-11-25 | 4.3 | CVE-2016-6698 BID CONFIRM |
| google -- android | A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process. Android ID: A-30190637. | 2016-11-25 | 6.8 | CVE-2016-6701 BID CONFIRM |
| google -- android | A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087. | 2016-11-25 | 6.8 | CVE-2016-6702 BID CONFIRM |
| google -- android | A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Android runtime. Android ID: A-30765246. | 2016-11-25 | 6.8 | CVE-2016-6703 BID CONFIRM |
| google -- android | An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High because it could be used to access data without permission. Android ID: A-31081987. | 2016-11-25 | 4.3 | CVE-2016-6709 BID CONFIRM |
| google -- android | An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Android ID: A-30537115. | 2016-11-25 | 4.3 | CVE-2016-6710 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local malicious application to record audio without the user's permission. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29833954. | 2016-11-25 | 4.3 | CVE-2016-6715 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the user's consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Android ID: A-30778130. | 2016-11-25 | 4.3 | CVE-2016-6716 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11-01 could enable a local malicious application to retrieve sensitive information without user interaction. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-30455516. | 2016-11-25 | 4.3 | CVE-2016-6718 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29043989. | 2016-11-25 | 4.3 | CVE-2016-6719 BID CONFIRM |
| google -- android | An information disclosure vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Android ID: A-30875060. | 2016-11-25 | 4.3 | CVE-2016-6721 BID CONFIRM |
| google -- android | A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Android ID: A-30100884. | 2016-11-25 | 5.4 | CVE-2016-6723 BID CONFIRM |
| google -- android | An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Android ID: A-30955105. References: NVIDIA N-CVE-2016-6746. | 2016-11-25 | 4.3 | CVE-2016-6746 BID CONFIRM |
| google -- android | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30076504. References: Qualcomm QC-CR#987018. | 2016-11-25 | 4.3 | CVE-2016-6748 BID CONFIRM |
| google -- android | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30228438. References: Qualcomm QC-CR#1052818. | 2016-11-25 | 4.3 | CVE-2016-6749 BID CONFIRM |
| google -- android | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30312054. References: Qualcomm QC-CR#1052825. | 2016-11-25 | 4.3 | CVE-2016-6750 BID CONFIRM |
| google -- android | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30902162. References: Qualcomm QC-CR#1062271. | 2016-11-25 | 4.3 | CVE-2016-6751 BID CONFIRM |
| google -- android | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-31498159. References: Qualcomm QC-CR#987051. | 2016-11-25 | 4.3 | CVE-2016-6752 BID CONFIRM |
| google -- android | An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30149174. | 2016-11-25 | 4.3 | CVE-2016-6753 BID CONFIRM |
| google -- android | A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937. | 2016-11-25 | 6.8 | CVE-2016-6754 BID CONFIRM |
| ibm -- jazz_reporting_service | Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2016-11-25 | 4.3 | CVE-2016-0317 CONFIRM BID |
| ibm -- jazz_reporting_service | Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation. | 2016-11-25 | 6.0 | CVE-2016-0318 CONFIRM BID |
| ibm -- jazz_reporting_service | The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2016-11-25 | 5.0 | CVE-2016-0319 CONFIRM BID |
| ibm -- qradar_security_information_and_event_manager | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file. | 2016-11-30 | 4.6 | CVE-2016-2871 CONFIRM |
| ibm -- qradar_security_information_and_event_manager | SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2016-11-30 | 6.5 | CVE-2016-2873 CONFIRM |
| ibm -- qradar_security_information_and_event_manager | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2016-11-30 | 6.0 | CVE-2016-2878 CONFIRM |
| ibm -- qradar_security_information_and_event_manager | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters. | 2016-11-30 | 6.4 | CVE-2016-2881 CONFIRM |
| ibm -- forms_experience_builder | Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2016-11-30 | 6.0 | CVE-2016-2884 AIXAPAR CONFIRM |
| ibm -- ims_enterprise_suite | IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | 2016-11-30 | 5.5 | CVE-2016-2887 CONFIRM BID |
| ibm -- tririga_application_platform | The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via unspecified vectors. | 2016-11-30 | 6.5 | CVE-2016-2917 AIXAPAR CONFIRM |
| ibm -- bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data. | 2016-11-25 | 4.3 | CVE-2016-2927 AIXAPAR CONFIRM BID |
| ibm -- bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs. | 2016-11-25 | 4.0 | CVE-2016-2928 AIXAPAR CONFIRM BID |
| ibm -- bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach. | 2016-11-25 | 4.3 | CVE-2016-2929 AIXAPAR CONFIRM BID |
| ibm -- bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network. | 2016-11-30 | 5.0 | CVE-2016-2931 AIXAPAR CONFIRM |
| ibm -- bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors. | 2016-11-30 | 5.0 | CVE-2016-2932 AIXAPAR CONFIRM |
| ibm -- bigfix_remote_control | Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request. | 2016-11-30 | 6.8 | CVE-2016-2933 AIXAPAR CONFIRM |
| ibm -- bigfix_remote_control | Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-11-30 | 4.3 | CVE-2016-2934 AIXAPAR CONFIRM |
| ibm -- bigfix_remote_control | The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request. | 2016-11-30 | 5.0 | CVE-2016-2935 AIXAPAR CONFIRM |
| ibm -- bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. | 2016-11-30 | 5.0 | CVE-2016-2936 AIXAPAR CONFIRM |
| ibm -- bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerability." | 2016-11-30 | 6.4 | CVE-2016-2937 AIXAPAR CONFIRM |
| ibm -- bigfix_remote_control | Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. | 2016-11-30 | 5.0 | CVE-2016-2940 AIXAPAR CONFIRM BID |
| ibm -- bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. | 2016-11-30 | 5.0 | CVE-2016-2944 AIXAPAR CONFIRM BID |
| ibm -- bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. | 2016-11-30 | 4.6 | CVE-2016-2948 AIXAPAR CONFIRM BID |
| ibm -- bigfix_remote_control | SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2016-11-30 | 4.0 | CVE-2016-2950 AIXAPAR CONFIRM BID |
| ibm -- bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data. | 2016-11-30 | 4.3 | CVE-2016-2951 AIXAPAR CONFIRM BID |
| ibm -- bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | 2016-11-30 | 4.3 | CVE-2016-2952 AIXAPAR CONFIRM BID |
| ibm -- connections | IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | 2016-11-30 | 4.3 | CVE-2016-2953 AIXAPAR AIXAPAR CONFIRM BID |
| ibm -- connections | IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response. | 2016-11-30 | 4.0 | CVE-2016-2957 AIXAPAR CONFIRM BID |
| ibm -- connections | IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response. | 2016-11-30 | 4.0 | CVE-2016-2958 AIXAPAR CONFIRM BID |
| ibm -- bigfix_remote_control | Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2016-11-30 | 6.8 | CVE-2016-2963 AIXAPAR CONFIRM BID |
| ibm -- connections | Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications. | 2016-11-30 | 4.9 | CVE-2016-3004 AIXAPAR CONFIRM BID |
| ibm -- api_connect | IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials. | 2016-12-01 | 5.0 | CVE-2016-3012 CONFIRM BID |
| ibm -- appscan_source | IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2016-12-01 | 5.5 | CVE-2016-3033 CONFIRM BID |
| ibm -- filenet_workplace | Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2016-12-01 | 4.9 | CVE-2016-3047 CONFIRM |
| ibm -- filenet_workplace | IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2016-12-01 | 5.5 | CVE-2016-3055 CONFIRM BID |
| ibm -- sterling_b2b_integrator | Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-11-30 | 4.3 | CVE-2016-3057 AIXAPAR CONFIRM BID |
| ibm -- maximo_asset_management | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message. | 2016-11-30 | 5.0 | CVE-2016-5987 CONFIRM BID |
| libdwarf_project -- libdwarf | libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006. | 2016-11-29 | 6.4 | CVE-2016-9480 CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c. | 2016-11-27 | 4.9 | CVE-2015-8970 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. | 2016-11-27 | 4.9 | CVE-2016-8630 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM |
| linux -- linux_kernel | drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. | 2016-11-27 | 6.2 | CVE-2016-8633 CONFIRM CONFIRM MLIST BID CONFIRM MISC CONFIRM |
| linux -- linux_kernel | The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. | 2016-11-27 | 4.9 | CVE-2016-8645 CONFIRM CONFIRM MLIST MLIST BID CONFIRM CONFIRM |
| linux -- linux_kernel | The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. | 2016-11-27 | 4.9 | CVE-2016-8646 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM |
| linux -- linux_kernel | The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. | 2016-11-27 | 4.9 | CVE-2016-8650 CONFIRM FULLDISC MLIST BID CONFIRM CONFIRM |
| linux -- linux_kernel | drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. | 2016-11-27 | 4.6 | CVE-2016-9084 CONFIRM MLIST BID CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. | 2016-11-27 | 4.9 | CVE-2016-9191 MLIST BID CONFIRM |
| microfocus -- host_access_management_and_security_server | Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14. | 2016-11-29 | 4.3 | CVE-2016-5765 CONFIRM BID |
| piwigo -- piwigo | Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 2016-12-01 | 4.3 | CVE-2016-9751 CONFIRM |
| s9y -- serendipity | In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. | 2016-12-01 | 5.0 | CVE-2016-9752 BID CONFIRM CONFIRM |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| google -- android | An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or security setting modifications. Android ID: A-30693465. | 2016-11-25 | 2.1 | CVE-2016-6708 BID CONFIRM |
| ibm -- jazz_reporting_service | Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2016-11-25 | 3.5 | CVE-2016-0316 CONFIRM BID |
| ibm -- qradar_security_information_and_event_manager | Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML via crafted fields in a URL. | 2016-11-30 | 3.5 | CVE-2016-2869 CONFIRM |
| ibm -- qradar_security_information_and_event_manager | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2016-11-30 | 3.5 | CVE-2016-2874 CONFIRM |
| ibm -- qradar_security_information_and_event_manager | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file. | 2016-11-30 | 2.1 | CVE-2016-2877 CONFIRM |
| ibm -- rational_collaborative_lifecycle_management | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2016-11-25 | 3.5 | CVE-2016-2926 CONFIRM BID |
| ibm -- bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file. | 2016-11-30 | 1.9 | CVE-2016-2943 AIXAPAR CONFIRM BID |
| ibm -- bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session. | 2016-11-30 | 2.1 | CVE-2016-2949 AIXAPAR CONFIRM BID |
| ibm -- connections | Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2016-12-01 | 3.5 | CVE-2016-2955 CONFIRM BID |
| ibm -- lotus_protector_for_mail_security | Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 before 2.8.1.0-22115 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2016-12-01 | 3.5 | CVE-2016-2991 CONFIRM BID |
| ibm -- urbancode_deploy | Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2016-12-01 | 3.5 | CVE-2016-2994 CONFIRM |
| ibm -- connections | IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device. | 2016-11-30 | 2.1 | CVE-2016-3002 AIXAPAR CONFIRM BID |
| ibm -- connections | Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page. | 2016-11-30 | 3.5 | CVE-2016-3009 AIXAPAR CONFIRM BID |
| ibm -- rational_collaborative_lifecycle_management | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2016-11-30 | 3.5 | CVE-2016-3014 CONFIRM BID |
| ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. | 2016-11-30 | 3.5 | CVE-2016-5890 AIXAPAR CONFIRM BID |
| ibm -- maximo_asset_management | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2016-11-30 | 3.5 | CVE-2016-5905 CONFIRM BID |
| linux -- linux_kernel | The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call. | 2016-11-27 | 2.1 | CVE-2016-9178 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| alcatel-lucent -- omnivista | Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server." | 2016-12-03 | not yet calculated | CVE-2016-9796 MISC MISC MISC |
| bluez -- bluez | In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. | 2016-12-03 | not yet calculated | CVE-2016-9802 MISC |
| bluez -- bluez | In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | 2016-12-03 | not yet calculated | CVE-2016-9797 MISC |
| bluez -- bluez | In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | 2016-12-03 | not yet calculated | CVE-2016-9804 MISC |
| bluez -- bluez | In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter. | 2016-12-03 | not yet calculated | CVE-2016-9800 MISC |
| bluez -- bluez | In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. | 2016-12-03 | not yet calculated | CVE-2016-9799 MISC |
| bluez -- bluez | In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file. | 2016-12-03 | not yet calculated | CVE-2016-9801 MISC |
| bluez -- bluez | In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | 2016-12-03 | not yet calculated | CVE-2016-9798 MISC |
| bluez -- bluez | In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed. | 2016-12-03 | not yet calculated | CVE-2016-9803 MISC |
| ibm -- powerkvm | The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors. | 2016-12-01 | not yet calculated | CVE-2016-3044 CONFIRM BID |
| lenovo -- notebook_and_thinkserver | A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system. | 2016-11-29 | not yet calculated | CVE-2016-8224 BID CONFIRM |
| lenovo -- system_interface_software | During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges. | 2016-11-29 | not yet calculated | CVE-2016-8223 BID CONFIRM |
| lenovo -- thinkpad | A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability. | 2016-11-30 | not yet calculated | CVE-2016-8222 BID CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT National Cyber Alert System http://ift.tt/2gHxRO8