U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Bulletin (SB16-011)

Vulnerability Summary for the Week of January 4, 2016

Original release date: January 11, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
google -- androidmediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670.2016-01-0610.0CVE-2015-6636
CONFIRM
google -- androidThe MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.2016-01-069.3CVE-2015-6637
CONFIRM
google -- androidThe Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.2016-01-069.3CVE-2015-6638
CONFIRM
google -- androidThe Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.2016-01-069.3CVE-2015-6639
CONFIRM
google -- androidThe prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123.2016-01-069.3CVE-2015-6640
CONFIRM
CONFIRM
google -- androidThe kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888.2016-01-067.8CVE-2015-6642
CONFIRM
google -- androidSetup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.2016-01-067.2CVE-2015-6643
CONFIRM
google -- androidSyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.2016-01-067.1CVE-2015-6645
CONFIRM
google -- androidThe System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and the memory manager, aka internal bug 22300191, a different vulnerability than CVE-2015-7613.2016-01-067.8CVE-2015-6646
CONFIRM
google -- androidThe Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.2016-01-069.3CVE-2015-6647
CONFIRM
hp -- j8692aHPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.2016-01-057.2CVE-2015-6860
HP
hp -- ucmdb_browserHPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.2016-01-077.2CVE-2015-6862
HP
ibm -- i_accessBuffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.2016-01-027.2CVE-2015-2023
AIXAPAR
CONFIRM
ibm -- tivoli_monitoringThe portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input.2016-01-038.5CVE-2015-5003
CONFIRM
AIXAPAR
ibm -- security_access_manager_9.0_firmwareIBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access.2016-01-028.5CVE-2015-5018
CONFIRM
AIXAPAR
AIXAPAR
ibm -- connectionsIBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service (CPU consumption and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.2016-01-037.8CVE-2015-5038
CONFIRM
AIXAPAR
ibm -- spectrum_protect_for_virtual_environmentsThe Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.2016-01-0210.0CVE-2015-7426
CONFIRM
ibm -- tivoli_common_reportingIBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.2016-01-0210.0CVE-2015-7450
CONFIRM
ipswitch -- whatsup_goldThe DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.2016-01-077.5CVE-2015-8261
CERT-VN
pcre -- perl_compatible_regular_expression_libraryThe pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.2016-01-027.5CVE-2016-1283
CONFIRM
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- hadoopThe Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors.2016-01-024.6CVE-2015-7430
CONFIRM
cisco -- ios_xrCisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486.2016-01-045.0CVE-2015-6432
CISCO
cisco -- unified_communications_managerSQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.2016-01-074.0CVE-2015-6433
CISCO
cisco -- prime_infrastructureCisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCux64856.2016-01-074.3CVE-2015-6434
CISCO
dx_library_project -- dx_libraryBuffer overflow in the CL_vsprintf function in Takumi Yamada DX Library before 3.16 allows remote attackers to execute arbitrary code via a crafted string.2016-01-076.8CVE-2016-1131
JVNDB
JVN
CONFIRM
eucalyptus -- eucalyptusHP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID.2016-01-044.6CVE-2014-5040
CONFIRM
HP
eucalyptus -- eucalyptusHPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account.2016-01-054.6CVE-2015-6861
HP
google -- androidBouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.2016-01-064.3CVE-2015-6644
CONFIRM
hp -- jg786a_hp_flexfabric_12500_4-port_100gbe_cfp_fdHP H3C Comware 5 and 7 devices allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."2016-01-056.4CVE-2015-5434
HP
hp -- storeonce_backup_system_softwareCross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.2016-01-056.8CVE-2015-5445
HP
hp -- storeonce_backup_system_softwareHP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors.2016-01-055.8CVE-2015-5446
HP
hp -- insight_managementHP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.2016-01-054.3CVE-2015-6858
HP
hp -- network_switch_softwareHPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.2016-01-054.6CVE-2015-6859
HP
ibm -- qradar_security_information_and_event_managerDirectory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL.2016-01-024.0CVE-2015-2007
CONFIRM
ibm -- websphere_mq_lightIBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors.2016-01-015.0CVE-2015-4941
CONFIRM
ibm -- websphere_mq_lightIBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions.2016-01-015.0CVE-2015-4943
CONFIRM
ibm -- tealeaf_customer_experienceThe portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an internal chart name.2016-01-025.0CVE-2015-4989
CONFIRM
ibm -- change_and_configuration_management_databaseIBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.2016-01-035.5CVE-2015-5017
CONFIRM
ibm -- infosphere_biginsightsThe Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecified vectors.2016-01-024.0CVE-2015-5020
CONFIRM
ibm -- curam_social_program_managementSQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.2016-01-036.5CVE-2015-5023
CONFIRM
ibm -- connectionsCross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.2016-01-036.8CVE-2015-5037
CONFIRM
AIXAPAR
ibm -- openpages_grc_platformSQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.2016-01-016.5CVE-2015-5049
CONFIRM
ibm -- maximo_asset_managementIBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.2016-01-034.0CVE-2015-5051
CONFIRM
ibm -- maximo_asset_managementThe Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.2016-01-025.5CVE-2015-7396
CONFIRM
ibm -- mashups_centerThe Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2016-01-026.8CVE-2015-7400
CONFIRM
AIXAPAR
ibm -- mashups_centerCross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.2016-01-026.8CVE-2015-7407
CONFIRM
AIXAPAR
ibm -- sterling_b2b_integratorThe Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.2016-01-015.8CVE-2015-7410
CONFIRM
ibm -- mq_appliance_m2000Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421.2016-01-015.0CVE-2015-7420
CONFIRM
ibm -- mq_appliance_m2000Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420.2016-01-015.0CVE-2015-7421
CONFIRM
ibm -- spectrum_protect_for_virtual_environmentsThe Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.4 allows remote authenticated users to restore arbitrary virtual machines and consequently obtain sensitive information by visiting the vSphere inventory.2016-01-024.0CVE-2015-7429
CONFIRM
ibm -- sterling_b2b_integratorCross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2016-01-024.3CVE-2015-7431
CONFIRM
AIXAPAR
ibm -- installation_managerconsoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.2016-01-026.2CVE-2015-7442
CONFIRM
ibm -- maximo_asset_managementIBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.2016-01-024.0CVE-2015-7452
CONFIRM
ibm -- spectrum_scaleIBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.2016-01-014.0CVE-2015-7456
AIXAPAR
CONFIRM
mozilla -- bugzillaTemplate.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code.2016-01-034.3CVE-2015-8509
CONFIRM
BUGTRAQ
nodejs -- node.jsNode.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request.2016-01-025.0CVE-2015-8027
CONFIRM
CONFIRM
CONFIRM
AIXAPAR
wireshark -- wiresharkepan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-01-044.3CVE-2015-3182
CONFIRM
CONFIRM
wireshark -- wiresharkepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.2016-01-044.3CVE-2015-8711
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-01-044.3CVE-2015-8712
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkepan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.2016-01-044.3CVE-2015-8713
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-01-044.3CVE-2015-8714
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkepan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.2016-01-044.3CVE-2015-8715
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-01-044.3CVE-2015-8716
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-01-044.3CVE-2015-8717
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkDouble free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-01-044.3CVE-2015-8718
CONFIRM
CONFIRM
wireshark -- wiresharkThe dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-01-044.3CVE-2015-8719
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-01-044.3CVE-2015-8720
CONFIRM
CONFIRM
wireshark -- wiresharkBuffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.2016-01-044.3CVE-2015-8721
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkepan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.2016-01-044.3CVE-2015-8722
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.2016-01-044.3CVE-2015-8723
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.2016-01-044.3CVE-2015-8724
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.2016-01-044.3CVE-2015-8725
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkwiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.2016-01-044.3CVE-2015-8726
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.2016-01-044.3CVE-2015-8727
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet.2016-01-044.3CVE-2015-8728
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.2016-01-044.3CVE-2015-8729
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.2016-01-044.3CVE-2015-8730
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.2016-01-044.3CVE-2015-8731
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.2016-01-044.3CVE-2015-8732
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.2016-01-044.3CVE-2015-8733
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-01-044.3CVE-2015-8734
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet.2016-01-044.3CVE-2015-8735
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.2016-01-044.3CVE-2015-8736
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.2016-01-044.3CVE-2015-8737
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.2016-01-044.3CVE-2015-8738
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.2016-01-044.3CVE-2015-8739
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.2016-01-044.3CVE-2015-8740
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-01-044.3CVE-2015-8741
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkThe dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.2016-01-044.3CVE-2015-8742
CONFIRM
CONFIRM
CONFIRM
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
google -- androidWi-Fi in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Wi-Fi information by leveraging access to the local physical environment, aka internal bug 25266660.2016-01-063.3CVE-2015-5310
CONFIRM
google -- androidBluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.2016-01-062.9CVE-2015-6641
CONFIRM
hp -- storeonce_backup_system_softwareCross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2016-01-053.5CVE-2015-5447
HP
ibm -- rational_collaborative_lifecycle_managementJazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; and Rational Software Architect Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.2016-01-023.5CVE-2015-1928
CONFIRM
ibm -- rational_collaborative_lifecycle_managementUnspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Team Concert (RTC) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Requirements Composer (RRC) 2.x and 3.x before 3.0.1.6 IF7 and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0; and Rational Software Architect Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote attackers to cause a denial of service via unknown vectors.2016-01-023.3CVE-2015-1971
CONFIRM
ibm -- mq_appliance_m2000The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file.2016-01-021.9CVE-2015-1985
CONFIRM
ibm -- rational_collaborative_lifecycle_managementRational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 allows local users to bypass intended access restrictions via unspecified vectors.2016-01-032.1CVE-2015-4946
CONFIRM
ibm -- rational_collaborative_lifecycle_managementJazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 uses weak permissions for unspecified project areas, which allows remote authenticated users to obtain sensitive information via unknown vectors.2016-01-032.7CVE-2015-4962
CONFIRM
ibm -- tealeaf_customer_experienceThe portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges during an unspecified connection type.2016-01-021.9CVE-2015-4990
CONFIRM
ibm -- rational_clearquestIBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.2016-01-023.6CVE-2015-4996
CONFIRM
ibm -- connectionsCross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-5036.2016-01-033.5CVE-2015-5035
CONFIRM
AIXAPAR
ibm -- connectionsCross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-5035.2016-01-033.5CVE-2015-5036
CONFIRM
AIXAPAR
ibm -- curam_social_program_managementCross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2016-01-023.5CVE-2015-7402
CONFIRM
ibm -- general_parallel_file_systemIBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors.2016-01-022.1CVE-2015-7403
CONFIRM
ibm -- qradar_security_information_and_event_managerCross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field.2016-01-013.5CVE-2015-7409
CONFIRM
ibm -- urbancode_deployMultiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2016-01-013.5CVE-2015-7415
CONFIRM
ibm -- i_accessAFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file.2016-01-022.1CVE-2015-7416
AIXAPAR
CONFIRM
ibm -- i_accessBuffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors.2016-01-022.1CVE-2015-7422
AIXAPAR
CONFIRM
ibm -- tivoli_common_reportingIBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field.2016-01-021.9CVE-2015-7435
CONFIRM
ibm -- tivoli_common_reportingIBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership.2016-01-021.9CVE-2015-7436
CONFIRM
ibm -- sterling_b2b_integratorQueue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors.2016-01-022.1CVE-2015-7437
CONFIRM
AIXAPAR
ibm -- sterling_b2b_integratorIBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access.2016-01-021.9CVE-2015-7438
CONFIRM
AIXAPAR
ibm -- b2b_advanced_communicationsIBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.2016-01-013.5CVE-2015-7445
CONFIRM
AIXAPAR
ibm -- maximo_asset_managementCross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2016-01-023.5CVE-2015-7451
CONFIRM
mozilla -- bugzillaCross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arbitrary web script or HTML via a crafted bug summary.2016-01-032.6CVE-2015-8508
CONFIRM
BUGTRAQ
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top