This is a work in progress, I will be... Full Story
By Manny Fernandez
October 10, 2016
US Cert – SB16-284: Vulnerability Summary for the Week of October 3, 2016
This is a share from US-Cert’s website.
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology(NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — flash_player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248. | 2016-10-05 | 10.0 | CVE-2016-7020 CONFIRM(link is external) |
| adodb_project — adodb | The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. | 2016-10-03 | 7.5 | CVE-2016-7405 MLIST(link is external) MLIST(link is external) BID(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) FEDORA |
| american_auto-matrix — aspect-matrix_building_automation_front-end_solutions_application | American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, which allows remote attackers to obtain sensitive information by reading a file. | 2016-10-05 | 7.5 | CVE-2016-2308 MISC |
| animas — onetouch_ping_firmware | Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake. | 2016-10-05 | 7.8 | CVE-2016-5085 CERT-VN MISC MISC(link is external) |
| animas — onetouch_ping_firmware | Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. | 2016-10-05 | 9.3 | CVE-2016-5086 CERT-VN MISC MISC(link is external) |
| animas — onetouch_ping_firmware | Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol. | 2016-10-05 | 9.3 | CVE-2016-5686 CERT-VN MISC MISC(link is external) |
| apache — tomcat | The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out. | 2016-10-03 | 7.2 | CVE-2016-1240 MISC(link is external) DEBIAN DEBIAN BUGTRAQ(link is external) SECTRACK(link is external) UBUNTU(link is external) |
| apache — struts | Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up. | 2016-10-03 | 7.5 | CVE-2016-4436 CONFIRM(link is external) CONFIRM(link is external) BID(link is external) CONFIRM |
| apache — myfaces | CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string. | 2016-10-03 | 7.5 | CVE-2016-5019 MLIST MISC(link is external) BID(link is external) CONFIRM |
| beckhoff — embedded_pc_images | Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 2016-10-05 | 9.4 | CVE-2014-5414 MISC |
| beckhoff — embedded_pc_images | Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. | 2016-10-05 | 9.4 | CVE-2014-5415 MISC |
| c-ares_project — c-ares | Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. | 2016-10-03 | 7.5 | CVE-2016-5180 DEBIAN CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
| cisco — nx-os | Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent, aka Bug IDs CSCuq39250, CSCus21733, CSCus21739, CSCut76171, and CSCux67182. | 2016-10-06 | 7.8 | CVE-2015-6393 CISCO(link is external) |
| cisco — nx-os | Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701. | 2016-10-06 | 10.0 | CVE-2016-1453 CISCO(link is external) |
| cisco — ios_xe | Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853. | 2016-10-05 | 7.8 | CVE-2016-6378 CISCO(link is external) |
| cisco — ios | Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089. | 2016-10-05 | 7.8 | CVE-2016-6379 CISCO(link is external) |
| cisco — ios | The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532. | 2016-10-05 | 8.3 | CVE-2016-6380 CISCO(link is external) |
| cisco — ios | Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka Bug ID CSCuy47382. | 2016-10-05 | 7.1 | CVE-2016-6381 CISCO(link is external) |
| cisco — ios | Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM) register packet, aka Bug ID CSCuy16399. | 2016-10-05 | 7.8 | CVE-2016-6382 CISCO(link is external) |
| cisco — ios | Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257. | 2016-10-05 | 7.8 | CVE-2016-6384 CISCO(link is external) |
| cisco — ios | Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367. | 2016-10-05 | 7.8 | CVE-2016-6385 CISCO(link is external) |
| cisco — ios_xe | Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remote attackers to cause a denial of service (data-structure corruption and device reload) via fragmented IPv4 packets, aka Bug ID CSCux66005. | 2016-10-05 | 7.8 | CVE-2016-6386 CISCO(link is external) |
| cisco — ios | Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service (traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID CSCur69036. | 2016-10-05 | 7.8 | CVE-2016-6391 CISCO(link is external) |
| cisco — ios | Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow remote attackers to cause a denial of service (device restart) via a crafted IPv4 Multicast Source Discovery Protocol (MSDP) Source-Active (SA) message, aka Bug ID CSCud36767. | 2016-10-05 | 7.8 | CVE-2016-6392 CISCO(link is external) |
| cisco — ios | The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka Bug ID CSCuy87667. | 2016-10-05 | 7.1 | CVE-2016-6393 CISCO(link is external) |
| cisco — ios_xr | Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349. | 2016-10-06 | 7.2 | CVE-2016-6428 CISCO(link is external) |
| cisco — firepower_management_center | The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872. | 2016-10-06 | 9.0 | CVE-2016-6433 CISCO(link is external) |
| contus-video-comments_project — contus-video-comments | Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin | 2016-10-06 | 9.4 | CVE-2016-1000112 MISC(link is external) |
| dukapress_project — dukapress | Blind SQL Injection in wordpress plugin dukapress v2.5.9 | 2016-10-06 | 7.5 | CVE-2015-1000011 MISC MISC(link is external) |
| emc — networker_module_for_microsoft_applications | The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share. | 2016-10-04 | 7.5 | CVE-2016-0913 BUGTRAQ |
| emc — solutions_enabler | The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class. | 2016-10-04 | 9.0 | CVE-2016-6645 BUGTRAQ |
| emc — solutions_enabler | The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class. | 2016-10-04 | 10.0 | CVE-2016-6646 BUGTRAQ |
| f5 — big-ip_access_policy_manager | Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors. | 2016-10-03 | 9.3 | CVE-2016-5700 SECTRACK(link is external) CONFIRM(link is external) |
| f5 — big-ip_local_traffic_manager | F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system configuration files via vectors involving NAT64. | 2016-10-05 | 10.0 | CVE-2016-5745 SECTRACK(link is external) CONFIRM(link is external) |
| fortinet — fortiwlc | The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | 2016-10-05 | 10.0 | CVE-2016-7560 CONFIRM(link is external) |
| huawei — usg2100 | Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication. | 2016-10-03 | 9.3 | CVE-2016-8276 CONFIRM(link is external) BID(link is external) |
| huawei — usg9520 | Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL. | 2016-10-03 | 7.8 | CVE-2016-8278 CONFIRM(link is external) BID(link is external) |
| huge-it — huge-it_image_gallery | XSS and SQLi in huge IT gallery v1.1.5 for Joomla | 2016-10-06 | 7.5 | CVE-2016-1000113 MISC MISC(link is external) |
| huge-it — video_gallery | Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla | 2016-10-06 | 7.5 | CVE-2016-1000123 MISC(link is external) MISC(link is external) |
| huge-it — portfolio_gallery | Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 | 2016-10-06 | 7.5 | CVE-2016-1000124 MISC(link is external) MISC(link is external) |
| huge-it — huge-it_catalog | Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla | 2016-10-06 | 7.5 | CVE-2016-1000125 MISC(link is external) MISC(link is external) |
| qemu — qemu | Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. | 2016-10-05 | 10.0 | CVE-2016-7161 CONFIRM MLIST(link is external) MLIST(link is external) BID(link is external) MLIST MLIST |
| redhat — jboss_enterprise_application_platform | Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL. | 2016-10-03 | 7.1 | CVE-2016-7046 BID(link is external) CONFIRM(link is external) |
| sap — netweaver | The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL ‘SYSTEM’ statement, aka SAP Security Note 2260344. | 2016-10-05 | 9.0 | CVE-2016-7435 FULLDISC FULLDISC FULLDISC MISC(link is external) MISC(link is external) MISC(link is external) MISC(link is external) |
| unadf_project — unadf | Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname. | 2016-10-03 | 7.5 | CVE-2016-1243 MISC(link is external) DEBIAN CONFIRM |
| unadf_project — unadf | The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file. | 2016-10-03 | 9.3 | CVE-2016-1244 MISC(link is external) DEBIAN CONFIRM |
| zotpress_project — zotpress | Zotpress plugin for WordPress SQLi in zp_get_account() | 2016-10-06 | 7.5 | CVE-2016-1000217 MISC MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| american_auto-matrix — aspect-matrix_building_automation_front-end_solutions_application | American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read arbitrary files via unspecified vectors, as demonstrated by the configuration file. | 2016-10-05 | 5.0 | CVE-2016-2307 MISC |
| animas — onetouch_ping_firmware | Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network. | 2016-10-05 | 5.0 | CVE-2016-5084 CERT-VN MISC MISC(link is external) |
| apache — derby | XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype. | 2016-10-03 | 6.4 | CVE-2015-1832 CONFIRM(link is external) BID(link is external) CONFIRM CONFIRM |
| bb&t — the_u | The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2016-10-04 | 4.3 | CVE-2016-6550 CERT-VN |
| candidate-application-form_project — candidate-application-form | Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin | 2016-10-06 | 5.0 | CVE-2015-1000005 MISC(link is external) |
| ceph_project — ceph | The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. | 2016-10-03 | 4.3 | CVE-2016-7031 CONFIRM(link is external) REDHAT(link is external) REDHAT(link is external) CONFIRM(link is external) CONFIRM(link is external) |
| cisco — nx-os | Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365. | 2016-10-05 | 5.0 | CVE-2016-1455 CISCO(link is external) |
| cisco — content_security_management_appliance | The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. | 2016-10-05 | 4.3 | CVE-2016-6416 CISCO(link is external) |
| cisco — firesight_system_software | Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636. | 2016-10-05 | 6.8 | CVE-2016-6417 CISCO(link is external) |
| cisco — videoscape_distribution_suite_service_manager | Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCva14552. | 2016-10-05 | 4.3 | CVE-2016-6418 CISCO(link is external) |
| cisco — firepower_management_center | SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. | 2016-10-05 | 6.0 | CVE-2016-6419 CISCO(link is external) |
| cisco — firesight_system_software | Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467. | 2016-10-05 | 6.8 | CVE-2016-6420 CISCO(link is external) |
| cisco — ios_xr | Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643. | 2016-10-05 | 5.0 | CVE-2016-6421 CISCO(link is external) |
| cisco — ios | Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass intended access restrictions by sending packets that should have been recognized by a filter, aka Bug ID CSCuy64806. | 2016-10-06 | 4.3 | CVE-2016-6422 CISCO(link is external) |
| cisco — ios | The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux97540. | 2016-10-05 | 6.3 | CVE-2016-6423 CISCO(link is external) |
| cisco — adaptive_security_appliance | The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942. | 2016-10-06 | 6.1 | CVE-2016-6424 CISCO(link is external) |
| cisco — unified_contact_center_express | Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652. | 2016-10-06 | 4.3 | CVE-2016-6425 CISCO(link is external) |
| cisco — unified_contact_center_express | The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653. | 2016-10-05 | 4.3 | CVE-2016-6426 CISCO(link is external) |
| cisco — unified_contact_center_express | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654. | 2016-10-06 | 6.8 | CVE-2016-6427 CISCO(link is external) |
| cisco — firepower_management_center | Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. | 2016-10-06 | 4.6 | CVE-2016-6434 CISCO(link is external) |
| cisco — firepower_management_center | The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. | 2016-10-06 | 4.0 | CVE-2016-6435 CISCO(link is external) |
| cisco — hostscan_engine | Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682. | 2016-10-06 | 4.3 | CVE-2016-6436 CISCO(link is external) |
| clamav — clamav | ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. | 2016-10-03 | 4.3 | CVE-2016-1371 CONFIRM(link is external) BID(link is external) UBUNTU(link is external) CONFIRM(link is external) MISC(link is external) |
| clamav — clamav | ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. | 2016-10-03 | 4.3 | CVE-2016-1372 CONFIRM(link is external) BID(link is external) UBUNTU(link is external) CONFIRM(link is external) MISC(link is external) |
| csv2wpec-coupon_project — csv2wpec-coupon | Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1 | 2016-10-06 | 5.0 | CVE-2015-1000013 MISC(link is external) MISC |
| djangoproject — django | The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. | 2016-10-03 | 5.0 | CVE-2016-7401 DEBIAN BID(link is external) SECTRACK(link is external) UBUNTU(link is external) CONFIRM(link is external) |
| drupal — drupal | Drupal 8.x before 8.1.10 does not properly check for “Administer comments” permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes. | 2016-10-03 | 4.0 | CVE-2016-7570 BID(link is external) SECTRACK(link is external) CONFIRM |
| drupal — drupal | Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception. | 2016-10-03 | 4.3 | CVE-2016-7571 BID(link is external) SECTRACK(link is external) CONFIRM |
| drupal — drupal | The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for “Export configuration” permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors. | 2016-10-03 | 4.0 | CVE-2016-7572 BID(link is external) SECTRACK(link is external) CONFIRM |
| fast-image-adder_project — fast-image-adder | Remote file upload vulnerability in fast-image-adder v1.1 WordPress plugin | 2016-10-06 | 5.0 | CVE-2015-1000001 MISC(link is external) Miscellaneous(link is external) |
| fortinet — fortiwlc | Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. | 2016-10-05 | 4.0 | CVE-2016-7561 CONFIRM(link is external) |
| freerdp_project — freerdp | FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | 2016-10-03 | 5.0 | CVE-2013-4118 SUSE SUSE MLIST(link is external) MLIST(link is external) BID(link is external) CONFIRM(link is external) |
| freerdp_project — freerdp | FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished. | 2016-10-03 | 5.0 | CVE-2013-4119 MLIST(link is external) MLIST(link is external) BID(link is external) CONFIRM(link is external) |
| gnome — gdk-pixbuf | The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. | 2016-10-03 | 5.0 | CVE-2016-6352 SUSE MLIST(link is external) MLIST(link is external) UBUNTU(link is external) CONFIRM CONFIRM CONFIRM |
| haxx — libcurl | curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. | 2016-10-03 | 5.0 | CVE-2016-7141 SUSE BID(link is external) SECTRACK(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
| hp — keyview | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-4390. | 2016-10-05 | 6.8 | CVE-2016-4387 CONFIRM(link is external) |
| hp — keyview | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390. | 2016-10-05 | 6.8 | CVE-2016-4388 CONFIRM(link is external) |
| hp — keyview | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390. | 2016-10-05 | 6.8 | CVE-2016-4389 CONFIRM(link is external) |
| hp — keyview | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389. | 2016-10-05 | 6.8 | CVE-2016-4390 CONFIRM(link is external) |
| huawei — ar_firmware | Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm. | 2016-10-03 | 4.0 | CVE-2015-8085 CONFIRM(link is external) |
| huawei — ar_firmware | Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage. | 2016-10-03 | 4.0 | CVE-2015-8086 CONFIRM(link is external) |
| huawei — usg9520 | Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter. | 2016-10-03 | 6.8 | CVE-2016-8277 CONFIRM(link is external) BID(link is external) |
| huawei — esight | Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. | 2016-10-03 | 4.0 | CVE-2016-8280 CONFIRM(link is external) BID(link is external) |
| huge-it — huge-it_image_gallery | XSS in huge IT gallery v1.1.5 for Joomla | 2016-10-06 | 4.3 | CVE-2016-1000114 MISC MISC(link is external) |
| ibm — websphere_application_server | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object. | 2016-10-05 | 6.5 | CVE-2016-5983 AIXAPAR(link is external) CONFIRM(link is external) |
| ibm — websphere_application_server | IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2016-09-30 | 5.0 | CVE-2016-5986 AIXAPAR(link is external) CONFIRM(link is external) |
| ibm — db2 | Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program. | 2016-09-30 | 6.9 | CVE-2016-5995 AIXAPAR(link is external) AIXAPAR(link is external) AIXAPAR(link is external) AIXAPAR(link is external) CONFIRM(link is external) |
| ibm — sterling_secure_proxy | Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL. | 2016-10-06 | 5.0 | CVE-2016-6023 CONFIRM(link is external) |
| ibm — sterling_secure_proxy | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL. | 2016-10-06 | 4.6 | CVE-2016-6025 CONFIRM(link is external) |
| ibm — sterling_secure_proxy | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP. | 2016-10-06 | 5.8 | CVE-2016-6027 CONFIRM(link is external) |
| indasengineering — web_scada | Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors. | 2016-10-05 | 5.0 | CVE-2016-8343 MISC |
| ipswitch — whatsup_gold | Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | 2016-10-06 | 6.5 | CVE-2016-1000000 MISC(link is external) |
| libgd — libgd | The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. | 2016-10-03 | 4.3 | CVE-2016-6905 SUSE SUSE MLIST(link is external) BID(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
| libtiff — libtiff | The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the “-c none” option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. | 2016-10-03 | 4.3 | CVE-2016-3619 MISC MLIST(link is external) |
| libtiff — libtiff | The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the “-c zip” option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. | 2016-10-03 | 5.0 | CVE-2016-3620 MISC MLIST(link is external) |
| libtiff — libtiff | The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the “-c lzw” option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. | 2016-10-03 | 6.8 | CVE-2016-3621 MISC MLIST(link is external) |
| libtiff — libtiff | The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. | 2016-10-03 | 4.3 | CVE-2016-3622 MLIST(link is external) |
| libtiff — libtiff | The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. | 2016-10-03 | 5.0 | CVE-2016-3623 CONFIRM SUSE MLIST(link is external) |
| libtiff — libtiff | The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the “-v” option to -1. | 2016-10-03 | 5.0 | CVE-2016-3624 MISC MLIST(link is external) |
| libtiff_project — libtiff | tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. | 2016-10-03 | 4.3 | CVE-2016-3625 MISC MLIST(link is external) |
| libtiff_project — libtiff | The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable. | 2016-10-03 | 5.0 | CVE-2016-3631 MLIST(link is external) |
| libtiff_project — libtiff | The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable. | 2016-10-03 | 5.0 | CVE-2016-3633 MISC MLIST(link is external) |
| libtiff_project — libtiff | The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching. | 2016-10-03 | 5.0 | CVE-2016-3634 MISC MLIST(link is external) |
| libtiff_project — libtiff | The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. | 2016-10-03 | 5.0 | CVE-2016-3658 MISC MLIST(link is external) |
| mailcwp_project — mailcwp | Remote file upload vulnerability in mailcwp v1.99 wordpress plugin | 2016-10-06 | 5.0 | CVE-2015-1000000 MISC(link is external) MISC |
| mypixs_project — mypixs | Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin | 2016-10-06 | 5.0 | CVE-2015-1000012 MISC(link is external) MISC |
| openjpeg — openjpeg | convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. | 2016-10-03 | 5.0 | CVE-2016-7445 SUSE MLIST(link is external) MLIST(link is external) CONFIRM(link is external) CONFIRM(link is external) |
| perl — perl | Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message. | 2016-10-05 | 5.0 | CVE-2016-1246 CONFIRM DEBIAN CONFIRM(link is external) |
| pivotal_software — spring_data_jpa | SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call. | 2016-10-05 | 6.8 | CVE-2016-6652 CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
| pivotal_software — cloud_foundry_cf_mysql | The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials. | 2016-10-06 | 5.0 | CVE-2016-6653 CONFIRM(link is external) |
| qemu — qemu | The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0. | 2016-10-05 | 4.9 | CVE-2016-7909 MLIST(link is external) MLIST(link is external) MLIST |
| recent-backups_project — recent-backups | Remote file download vulnerability in recent-backups v0.7 wordpress plugin | 2016-10-06 | 5.0 | CVE-2015-1000006 MISC(link is external) |
| sap — netweaver | The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. | 2016-10-05 | 5.0 | CVE-2016-4551 FULLDISC MISC(link is external) |
| simple-image-manipulator_project — simple-image-manipulator | Remote file download in simple-image-manipulator v1.0 wordpress plugin | 2016-10-06 | 5.0 | CVE-2015-1000010 MISC(link is external) MISC |
| wptf-image-gallery_project — wptf-image-gallery | Remote file download vulnerability in wptf-image-gallery v1.03 | 2016-10-06 | 5.0 | CVE-2015-1000007 MISC(link is external) |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ibm — websphere_application_server | Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients. | 2016-09-30 | 3.5 | CVE-2016-3042 AIXAPAR(link is external) CONFIRM(link is external) |
| ibm — b2b_advanced_communications | Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2016-10-05 | 3.5 | CVE-2016-5892 CONFIRM(link is external) |
| ibm — business_process_manager | Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2016-10-05 | 3.5 | CVE-2016-5901 AIXAPAR(link is external) CONFIRM(link is external) |
| ibm — sterling_secure_proxy | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST. | 2016-10-06 | 2.9 | CVE-2016-6026 CONFIRM(link is external) |
| mongodb — mongodb | The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. | 2016-10-03 | 2.1 | CVE-2016-6494 MLIST(link is external) MLIST(link is external) BID(link is external) CONFIRM CONFIRM(link is external) CONFIRM(link is external) CONFIRM FEDORA |
| qemu — qemu | The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. | 2016-10-05 | 2.1 | CVE-2016-7907 MLIST(link is external) MLIST(link is external) MLIST |
| qemu — qemu | The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. | 2016-10-05 | 2.1 | CVE-2016-7908 CONFIRM MLIST(link is external) MLIST(link is external) MLIST |
| redhat — jboss_bpm_suite | Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes. | 2016-10-03 | 3.5 | CVE-2016-5398 REDHAT(link is external) REDHAT(link is external) BID(link is external) CONFIRM(link is external) |
| redhat — enterprise_virtualization | The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files. | 2016-10-03 | 2.1 | CVE-2016-5432 REDHAT(link is external) CONFIRM(link is external) CONFIRM |
| sophos — unified_threat_management_software | The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the “value” field of the SMTP user settings in the notifications configuration tab. | 2016-10-03 | 2.1 | CVE-2016-7397 BUGTRAQ(link is external) MISC.(link is external) |
| sophos — unified_threat_management_software | The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the “value” field of the proxy user settings in “system settings / scan settings / anti spam” configuration tab. | 2016-10-03 | 2.1 | CVE-2016-7442 BUGTRAQ(link is external) MISC.(link is external) |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco — nx-os | Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492. | 2016-10-06 | not yet calculated | CVE-2015-0721 CISCO(link is external) |
| cisco — nx-os | Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171. | 2016-10-05 | not yet calculated | CVE-2015-6392 CISCO(link is external) |
| cisco — nx-os | Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP UPDATE message, aka Bug IDs CSCuq77105 and CSCux11417. | 2016-10-06 | not yet calculated | CVE-2016-1454 CISCO(link is external) |
| citrix — license_server | Citrix License Server for Windows before 11.14.0.1 and License Server VPX before 11.14.0.1 allow remote attackers to cause a denial of service (server crash) via unspecified vectors. | 2016-10-07 | not yet calculated | CVE-2016-6273 CONFIRM(link is external) |
| curl — curl_escape | Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. | 2016-10-07 | not yet calculated | CVE-2016-7167 BID(link is external) SECTRACK(link is external) SLACKWARE(link is external) CONFIRM(link is external) FEDORA FEDORA FEDORA |
| eclipse — jetty | The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. | 2016-10-07 | not yet calculated | CVE-2015-2080 MLIST MLIST FEDORA MISC(link is external) FULLDISC BUGTRAQ(link is external) BID(link is external) SECTRACK(link is external) MISC(link is external) CONFIRM(link is external) |
| fedora_project — mirror_manager | Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code | 2016-10-07 | not yet calculated | CVE-2016-1000003 MISC(link is external) MISC(link is external) |
| fedora_project — pagure | Pagure 2.2.1 XSS in raw file endpoint | 2016-10-07 | not yet calculated | CVE-2016-1000007 MISC(link is external) |
| flask — flask_oxide | flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect | 2016-10-07 | not yet calculated | CVE-2016-1000001 MISC(link is external) |
| fortinet — fortimanager | Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. | 2016-10-07 | not yet calculated | CVE-2015-7363 CONFIRM(link is external) |
| gnu — c_library | The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. | 2016-10-07 | not yet calculated | CVE-2016-6323 SUSE MLIST(link is external) FEDORA FEDORA FEDORA CONFIRM CONFIRM |
| libav — put_no_rnd_pixels8_xy2_mmx | The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file. | 2016-10-07 | not yet calculated | CVE-2016-7424 DEBIAN MLIST(link is external) MLIST(link is external) MLIST(link is external) BID(link is external) MISC CONFIRM CONFIRM |
| openstack — cinder | The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image. | 2016-10-07 | not yet calculated | CVE-2015-5162 MLIST(link is external) CONFIRM(link is external) |
| red_hat — cloudforms_management | Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections. | 2016-10-07 | not yet calculated | CVE-2016-7040 REDHAT(link is external) |
| red_hat — linux_kernel | The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. | 2016-10-07 | not yet calculated | CVE-2016-3699 MLIST(link is external) BID(link is external) CONFIRM(link is external) MISC(link is external) |
| tp_link — tplinklogin_and_tplinkextender | TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are | 2016-10-06 | not yet calculated | CVE-2016-1000009 BUGTRAQ MISC(link is external) MISC(link is external) |
| wordpress — google-adsense-and-hotel-booking | Open proxy in WordPress plugin google-adsense-and-hotel-booking v1.05 | 2016-10-06 | not yet calculated | CVE-2015-1000009 MISC(link is external) MISC |
| wordpress — mp3-jplayer | Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 | 2016-10-06 | not yet calculated | CVE-2015-1000008 MISC(link is external) MISC |
| wordpress — open_proxy | Open Proxy in filedownload v1.4 wordpress plugin | 2016-10-06 | not yet calculated | CVE-2015-1000003 MISC(link is external) MISC |
| wordpress — open_proxy | Open Proxy in filedownload v1.4 wordpress plugin | 2016-10-06 | not yet calculated | CVE-2015-1000002 MISC(link is external) MISC |
| wordpress — open_proxy | Open Proxy in filedownload v1.4 wordpress plugin | 2016-10-06 | not yet calculated | CVE-2015-1000004 MISC(link is external) MISC |
| xen — cro_ts | Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. | 2016-10-07 | not yet calculated | CVE-2016-7777 BID(link is external) SECTRACK(link is external) CONFIRM |
Recent posts
-
-
I have been playing with the free version of... Full Story
-
In my day job, I am on a lot... Full Story