U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Bulletin (SB16-179)

Vulnerability Summary for the Week of June 20, 2016

Original release date: June 27, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apple -- mac_os_xThe NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.2016-06-199.3CVE-2016-1861
CONFIRM
APPLE
cisco -- rv110w_wireless-n_vpn_firewall_firmwareThe web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.2016-06-1810.0CVE-2016-1395
CISCO
dx_library_project -- dx_libraryThe printfDx function in Takumi Yamada DX Library for Borland C++ 3.13f through 3.16b, DX Library for Gnu C++ 3.13f through 3.16b, and DX Library for Visual C++ 3.13f through 3.16b allows remote attackers to execute arbitrary code via a crafted string.2016-06-187.5CVE-2016-4819
JVNDB
JVN
CONFIRM
emc -- data_domainEMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges.2016-06-197.2CVE-2016-0911
BUGTRAQ
emc -- data_domainEMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation.2016-06-199.0CVE-2016-0912
BUGTRAQ
fonality -- fonalityFonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection.2016-06-1910.0CVE-2016-2362
CERT-VN
fonality -- fonalityFonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account.2016-06-197.2CVE-2016-2363
CERT-VN
netcommons -- netcommonsNetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account.2016-06-189.0CVE-2016-4813
CONFIRM
JVNDB
JVN
openssl -- opensslOpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.2016-06-197.5CVE-2016-2177
CONFIRM
CONFIRM
solarwinds -- virtualization_managerThe RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.2016-06-1710.0CVE-2016-3642
FULLDISC
FULLDISC
MISC
solarwinds -- virtualization_managerSolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."2016-06-177.2CVE-2016-3643
FULLDISC
MISC
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apple -- mac_os_xIntel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862.2016-06-194.3CVE-2016-1860
CONFIRM
APPLE
apple -- mac_os_xIntel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.2016-06-194.3CVE-2016-1862
CONFIRM
APPLE
apple -- safariThe XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.2016-06-195.0CVE-2016-1864
CONFIRM
CONFIRM
APPLE
APPLE
buffalo -- wzr-600dhp2_firmwareDirectory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors.2016-06-185.0CVE-2016-4815
CONFIRM
JVNDB
JVN
buffalo -- wzr-600dhp2_firmwareBUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors.2016-06-184.3CVE-2016-4816
CONFIRM
JVNDB
JVN
cisco -- iosCisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.2016-06-225.0CVE-2015-6289
CISCO
cisco -- rv110w_wireless-n_vpn_firewall_firmwareCross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.2016-06-184.3CVE-2016-1396
CISCO
cisco -- rv110w_wireless-n_vpn_firewall_firmwareBuffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.2016-06-186.8CVE-2016-1397
CISCO
cisco -- iosCisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132.2016-06-186.1CVE-2016-1424
CISCO
cisco -- prime_network_registrarThe System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.2016-06-175.0CVE-2016-1427
CISCO
cisco -- ios_xeDouble free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174.2016-06-226.8CVE-2016-1428
CISCO
cisco -- firepower_management_centerCross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516.2016-06-174.3CVE-2016-1431
CISCO
cisco -- ios_xeCisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862.2016-06-176.8CVE-2016-1432
CISCO
cisco -- ip_phone_8800_series_firmwareThe license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.2016-06-224.0CVE-2016-1434
CISCO
cisco -- ip_phone_8800_series_firmwareCisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.2016-06-226.2CVE-2016-1435
CISCO
cisco -- asr_5000_softwareThe General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198.2016-06-225.0CVE-2016-1436
CISCO
cisco -- prime_collaboration_deploymentSQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549.2016-06-224.0CVE-2016-1437
CISCO
cisco -- asyncosCisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210.2016-06-225.0CVE-2016-1438
CISCO
cisco -- unified_contact_center_enterpriseCross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.2016-06-224.3CVE-2016-1439
CISCO
citrix -- ios_receiverCitrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors.2016-06-175.8CVE-2016-5433
CONFIRM
cybozu -- garoonCybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.2016-06-194.3CVE-2015-7776
CONFIRM
CONFIRM
CONFIRM
CONFIRM
JVNDB
JVN
cybozu -- garoonDirectory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.2016-06-195.0CVE-2016-1191
CONFIRM
JVNDB
JVN
cybozu -- garoonDirectory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.2016-06-194.0CVE-2016-1192
CONFIRM
JVNDB
JVN
cybozu -- garoonOpen redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.2016-06-195.8CVE-2016-1195
CONFIRM
JVNDB
JVN
cybozu -- garoonCybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.2016-06-194.0CVE-2016-1196
CONFIRM
JVNDB
JVN
cybozu -- garoonCross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.2016-06-194.3CVE-2016-1197
CONFIRM
JVNDB
JVN
emc -- documentum_administratorEMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface.2016-06-226.5CVE-2016-0914
BUGTRAQ
fonality -- fonalityThe Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.2016-06-195.0CVE-2016-2364
CERT-VN
gsi -- old_gsi_mapsDirectory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors.2016-06-185.0CVE-2016-4814
CONFIRM
JVNDB
JVN
h2o_project -- h2olib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet.2016-06-185.0CVE-2016-4817
CONFIRM
CONFIRM
JVNDB
JVN
hp -- service_managerHP Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components.2016-06-186.0CVE-2016-4371
CONFIRM
ibm -- elastic_storage_serverIBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program.2016-06-194.6CVE-2016-0392
AIXAPAR
CONFIRM
iodata -- etx-r_firmwareCross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users.2016-06-186.8CVE-2016-4820
CONFIRM
JVNDB
JVN
iodata -- etx-r_firmwareI-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors.2016-06-185.0CVE-2016-4821
CONFIRM
JVNDB
JVN
moxa -- pt-7728_firmwareMoxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.2016-06-194.6CVE-2016-4514
MISC
netgear -- d3600_firmwareNETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.2016-06-194.3CVE-2015-8288
CERT-VN
CONFIRM
netgear -- d3600_firmwareThe password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.2016-06-194.3CVE-2015-8289
CERT-VN
CONFIRM
ntt-bp -- japan_connected-free_wi-fiThe NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and 1.13.0 and earlier for iOS allows man-in-the-middle attackers to obtain API access via unspecified vectors.2016-06-195.1CVE-2016-4811
CONFIRM
CONFIRM
JVNDB
JVN
CONFIRM
nttdata -- terasoluna_server_framework_for_java_webNTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname.2016-06-184.3CVE-2016-1183
CONFIRM
JVNDB
JVN
openstack -- neutronThe IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.2016-06-176.4CVE-2015-8914
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
openstack -- neutronThe IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.2016-06-176.4CVE-2016-5362
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
openstack -- neutronThe IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic.2016-06-176.4CVE-2016-5363
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
osisoft -- pi_af_server_2016OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message.2016-06-194.0CVE-2016-4518
MISC
CONFIRM
oslsoft -- pi_sql_data_access_server_2016OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message.2016-06-194.0CVE-2016-4530
MISC
CONFIRM
trend_micro -- business_securityDirectory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.2016-06-185.0CVE-2016-1223
JVNDB
JVN
CONFIRM
trend_micro -- business_securityCRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.2016-06-184.3CVE-2016-1224
JVNDB
JVN
CONFIRM
trendmicro -- internet_securityTrend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors.2016-06-195.0CVE-2016-1225
CONFIRM
JVNDB
JVN
trendmicro -- internet_securityCross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-06-194.3CVE-2016-1226
CONFIRM
JVNDB
JVN
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
cybozu -- garoonCross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197.2016-06-193.5CVE-2015-7775
CONFIRM
JVNDB
JVN
ibm -- websphere_mqIBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program.2016-06-192.1CVE-2015-7462
CONFIRM
openssl -- opensslThe dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.2016-06-192.1CVE-2016-2178
CONFIRM
CONFIRM
MLIST
MLIST
MISC
Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
advantech -- webaccessBuffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.2016-06-24not yet calculatedCVE-2016-4528
MISC
advantech -- webaccessUnspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.2016-06-24not yet calculatedCVE-2016-4525
MISC
alertus -- desktop_notificationAlertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations.2016-06-25not yet calculatedCVE-2016-5087
CONFIRM
CERT-VN
apple -- mdnsresponderMultiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.2016-06-25not yet calculatedCVE-2015-7987
CERT-VN
CONFIRM
apple -- mdnsresponderThe handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.2016-06-25 CVE-2015-7988
CERT-VN
CONFIRM
corega -- cg_wlbaragmCorega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors.2016-06-25not yet calculatedCVE-2016-4823
JVNDB
JVN
CONFIRM
corega -- cg_wlbarglCorega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors.2016-06-25not yet calculatedCVE-2016-4822
JVNDB
JVN
CONFIRM
corega -- wifiThe Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack.2016-06-25not yet calculatedCVE-2016-4824
JVNDB
JVN
CONFIRM
curl -- libcurlMultiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.2016-06-24not yet calculatedCVE-2016-4802
CONFIRM
SECTRACK
cybozu -- garoonCybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.2016-06-25not yet calculatedCVE-2016-1190
CONFIRM
CONFIRM
JVNDB
JVN
cybozu -- garoonCybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.2016-06-25not yet calculatedCVE-2016-1193
CONFIRM
JVNDB
JVN
cybozu -- garoonCybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.2016-06-25not yet calculatedCVE-2016-1189
CONFIRM
CONFIRM
JVNDB
JVN
cybozu -- garoonCybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.2016-06-25not yet calculatednot yet calculatedCVE-2016-1188
CONFIRM
CONFIRM
JVNDB
JVN
f5 -- icontrol_restThe iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors.2016-06-24not yet calculatedCVE-2016-5021
CONFIRM
huawei -- fusioninsightHuawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors.2016-06-24not yet calculatedCVE-2016-5723
CONFIRM
huawei -- ips_moduleMemory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet.2016-06-24not yet calculatedCVE-2016-5435
CONFIRM
ibm -- websphere_portalCross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.2016-06-25not yet calculatedCVE-2016-2901
CONFIRM
AIXAPAR
oceanstor -- oceanstorOceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.2016-06-24not yet calculatedCVE-2016-5722
CONFIRM
schneider -- powerlogicCross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-06-25not yet calculatedCVE-2016-4513
MISC
solarwinds -- virtualization_ managerSolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.2016-06-24not yet calculatedCVE-2016-5709
FULLDISC
unitronics -- visilogicStack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file.2016-06-24not yet calculatedCVE-2016-4519
MISC
MISC
wordpress -- e-commerce_pluginCross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.2016-06-25not yet calculatedCVE-2016-4827
CONFIRM
JVNDB
JVN
wordpress -- e-commerce_pluginCross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.2016-06-25not yet calculatedCVE-2016-4826
CONFIRM
JVNDB
JVN
wordpress -- e_commerce_pluginThe Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.2016-06-25not yet calculatedCVE-2016-4825
CONFIRM
JVNDB
JVN
wordpress -- e-commerce_pluginThe Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.2016-06-25not yet calculatedCVE-2016-4828
CONFIRM
JVNDB
JVN
Back to top

 

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top