U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Bulletin (SB16-193)

Vulnerability Summary for the Week of July 4, 2016

Original release date: July 11, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- commons_fileuploadThe MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.2016-07-047.8CVE-2016-3092
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
JVNDB
JVN
apache -- strutsThe REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.2016-07-047.5CVE-2016-4438
CONFIRM
CONFIRM
JVNDB
JVN
apple -- airport_base_station_firmwareApple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.2016-07-0210.0CVE-2015-7029
CONFIRM
APPLE
cisco -- evolved_programmable_network_managerThe API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.2016-07-0210.0CVE-2016-1289
CISCO
cisco -- epc3928_firmwaregoform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Service" issue, aka Bug ID CSCux24948.2016-07-037.8CVE-2016-1328
BUGTRAQ
MISC
cisco -- epc3928_firmwaregoform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a "Gateway HTTP Corruption Denial of Service" issue, aka Bug ID CSCuy28100.2016-07-037.8CVE-2016-1336
BUGTRAQ
MISC
cisco -- firesight_system_softwareCisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238.2016-07-027.5CVE-2016-1394
CISCO
cisco -- prime_collaboration_provisioningCisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513.2016-07-0210.0CVE-2016-1416
CISCO
cisco -- prime_infrastructureThe administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280.2016-07-079.0CVE-2016-1442
CISCO
eaton -- elcsoftStack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet.2016-07-037.5CVE-2016-4512
MISC
ibm -- power_hardware_management_consoleIBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors.2016-07-077.2CVE-2016-0230
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- urbancode_deployThe agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors.2016-07-077.2CVE-2016-0271
CONFIRM
ibm -- watson_developer_cloudThe IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.2016-07-027.5CVE-2016-0391
CONFIRM
linux -- linux_kernelThe usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.2016-07-0310.0CVE-2016-3955
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernelThe compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.2016-07-037.2CVE-2016-4997
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
meinberg -- ims-lantime_m1000Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.2016-07-037.5CVE-2016-3962
MISC
meinberg -- ims-lantime_m1000Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.2016-07-037.5CVE-2016-3988
MISC
meinberg -- ims-lantime_m1000The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root privileges for writing to unspecified scripts, and consequently obtain sensitive information or modify data, by leveraging access to the nobody account.2016-07-038.5CVE-2016-3989
MISC
microfocus -- rumbaMultiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client.2016-07-0210.0CVE-2016-1606
MISC
MISC
CONFIRM
microfocus -- rumbaStack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability.2016-07-0210.0CVE-2016-5228
MISC
MISC
CONFIRM
openvswitch -- openvswitchBuffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.2016-07-037.5CVE-2016-2074
MLIST
CONFIRM
CONFIRM
MLIST
phpmyadmin -- phpmyadminSQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.2016-07-027.5CVE-2016-5703
CONFIRM
CONFIRM
phpmyadmin -- phpmyadminphpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.2016-07-027.5CVE-2016-5734
CONFIRM
CONFIRM
CONFIRM
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- strutsThe MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.2016-07-045.0CVE-2015-0899
CONFIRM
JVNDB
JVN
apache -- strutsActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.2016-07-046.8CVE-2016-1181
CONFIRM
CONFIRM
CONFIRM
JVNDB
JVN
apache -- strutsActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.2016-07-046.4CVE-2016-1182
CONFIRM
CONFIRM
CONFIRM
JVNDB
JVN
apache -- http_serverThe Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.2016-07-064.3CVE-2016-1546
CONFIRM
CONFIRM
CONFIRM
apache -- strutsApache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.2016-07-046.8CVE-2016-4430
CONFIRM
CONFIRM
JVNDB
JVN
apache -- strutsApache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.2016-07-045.0CVE-2016-4431
CONFIRM
CONFIRM
JVNDB
JVN
apache -- strutsApache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.2016-07-045.0CVE-2016-4433
CONFIRM
CONFIRM
JVNDB
JVN
apache -- xerces-c++Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.2016-07-085.0CVE-2016-4463
DEBIAN
CONFIRM
CONFIRM
CONFIRM
SECTRACK
BID
BUGTRAQ
MISC
apache -- strutsThe URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.2016-07-045.0CVE-2016-4465
CONFIRM
CONFIRM
JVNDB
JVN
apache -- http_serverThe Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation.2016-07-065.0CVE-2016-4979
CONFIRM
CONFIRM
MLIST
CONFIRM
cisco -- epc3928_firmwareCisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178.2016-07-034.3CVE-2016-1337
BUGTRAQ
MISC
cisco -- rv110w_firmwareBuffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669.2016-07-036.8CVE-2016-1398
CISCO
cisco -- evolved_programmable_network_managerCisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.2016-07-026.5CVE-2016-1408
CISCO
cisco -- iosCisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735.2016-07-036.1CVE-2016-1425
CISCO
cisco -- web_security_applianceThe proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468.2016-07-025.0CVE-2016-1440
CISCO
cisco -- cloud_network_automation_provisionerCisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145.2016-07-026.4CVE-2016-1441
CISCO
cisco -- amp_threat_grid_applianceThe virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample.2016-07-076.8CVE-2016-1443
CISCO
cisco -- telepresence_video_communication_serverThe Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.2016-07-075.8CVE-2016-1444
CISCO
eaton -- elcsoftHeap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file.2016-07-036.0CVE-2016-4509
MISC
emc -- avamarThe web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.2016-07-066.5CVE-2016-0906
BUGTRAQ
google -- chromeMultiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2016-07-036.8CVE-2016-1704
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
ibm -- jazz_reporting_serviceThe Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors.2016-07-074.0CVE-2016-0314
CONFIRM
ibm -- jazz_reporting_serviceThe Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation.2016-07-076.5CVE-2016-0315
CONFIRM
ibm -- websphere_application_serverCRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.2016-07-034.3CVE-2016-0359
CONFIRM
AIXAPAR
ibm -- tririga_application_platformCross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees.2016-07-026.0CVE-2016-0386
AIXAPAR
ibm -- websphere_application_serverAdmin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.2016-07-075.0CVE-2016-0389
CONFIRM
AIXAPAR
ibm -- cognos_analyticsIBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL.2016-07-024.3CVE-2016-0398
CONFIRM
ibm -- websphere_extreme_scaleCRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.2016-07-024.3CVE-2016-0400
CONFIRM
AIXAPAR
AIXAPAR
ibm -- websphere_extreme_scaleIBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.2016-07-024.3CVE-2016-2861
CONFIRM
AIXAPAR
AIXAPAR
ibm -- websphere_commerceCross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2016-07-034.3CVE-2016-2862
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm -- websphere_commerceCross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.2016-07-036.0CVE-2016-2863
CONFIRM
AIXAPAR
ibm -- infosphere_streamsIBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors.2016-07-026.9CVE-2016-2867
CONFIRM
ibm -- qradar_security_information_and_event_managerIBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2016-07-024.0CVE-2016-2868
CONFIRM
ibm -- websphere_datapower_xc10_appliance_firmwareBuffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors.2016-07-025.0CVE-2016-2870
CONFIRM
AIXAPAR
ibm -- qradar_security_information_and_event_managerDirectory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL.2016-07-025.0CVE-2016-2872
CONFIRM
ibm -- tririga_application_platformIBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses.2016-07-024.0CVE-2016-2882
CONFIRM
ibm -- jazz_reporting_serviceCross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350.2016-07-074.3CVE-2016-2888
CONFIRM
ibm -- jazz_reporting_serviceCross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users.2016-07-076.8CVE-2016-2889
CONFIRM
ibm -- websphere_application_serverIBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.2016-07-075.0CVE-2016-2923
CONFIRM
AIXAPAR
ibm -- websphere_application_serverThe API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document.2016-07-076.0CVE-2016-2945
CONFIRM
AIXAPAR
ibm -- integration_busThe integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.2016-07-025.0CVE-2016-2961
CONFIRM
AIXAPAR
ibm -- security_qradar_incident_forensicsIBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors.2016-07-025.5CVE-2016-2968
CONFIRM
ibm -- sdkThe CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.2016-07-025.0CVE-2016-3956
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
isc -- bindISC BIND through 9.10.4-P1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.2016-07-064.0CVE-2016-6170
MLIST
MLIST
MLIST
MISC
CONFIRM
MLIST
libreoffice -- libreofficeUse-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and supercript tokens.2016-07-086.8CVE-2016-4324
UBUNTU
MISC
SECTRACK
BID
CONFIRM
DEBIAN
linux -- linux_kernelThe IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.2016-07-035.6CVE-2016-4998
CONFIRM
CONFIRM
MLIST
CONFIRM
ntp -- ntpntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.2016-07-044.3CVE-2016-4953
CERT-VN
CONFIRM
CONFIRM
CONFIRM
ntp -- ntpThe process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.2016-07-044.3CVE-2016-4954
CERT-VN
CONFIRM
CONFIRM
CONFIRM
ntp -- ntpntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.2016-07-045.0CVE-2016-4956
CERT-VN
CONFIRM
CONFIRM
CONFIRM
ntp -- ntpntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.2016-07-045.0CVE-2016-4957
CERT-VN
CONFIRM
CONFIRM
CONFIRM
ntt_east -- pr-400mi_firmwareNTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.2016-07-036.5CVE-2016-1227
CONFIRM
CONFIRM
JVNDB
JVN
ntt_west -- pr-400miCross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allows remote attackers to hijack the authentication of arbitrary users.2016-07-036.8CVE-2016-1228
CONFIRM
CONFIRM
JVNDB
JVN
phpmyadmin -- phpmyadminphpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.2016-07-045.0CVE-2016-5097
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpmyadmin -- phpmyadminDirectory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.2016-07-045.0CVE-2016-5098
CONFIRM
CONFIRM
phpmyadmin -- phpmyadminCross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.2016-07-044.3CVE-2016-5099
CONFIRM
CONFIRM
phpmyadmin -- phpmyadminsetup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.2016-07-024.3CVE-2016-5701
CONFIRM
CONFIRM
phpmyadmin -- phpmyadminphpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.2016-07-024.3CVE-2016-5702
CONFIRM
CONFIRM
phpmyadmin -- phpmyadminCross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.2016-07-024.3CVE-2016-5704
CONFIRM
CONFIRM
phpmyadmin -- phpmyadminMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.2016-07-024.3CVE-2016-5705
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpmyadmin -- phpmyadminjs/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.2016-07-025.0CVE-2016-5706
CONFIRM
CONFIRM
phpmyadmin -- phpmyadminphpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.2016-07-025.0CVE-2016-5730
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpmyadmin -- phpmyadminCross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.2016-07-024.3CVE-2016-5731
CONFIRM
CONFIRM
CONFIRM
phpmyadmin -- phpmyadminMultiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters.2016-07-024.3CVE-2016-5732
CONFIRM
CONFIRM
CONFIRM
phpmyadmin -- phpmyadminMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.2016-07-024.3CVE-2016-5733
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpmyadmin -- phpmyadminThe Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.2016-07-025.0CVE-2016-5739
CONFIRM
CONFIRM
CONFIRM
qnap -- qtsCross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-07-034.3CVE-2015-5664
CONFIRM
JVNDB
JVN
rexroth -- bladecontrol-webvisSQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.2016-07-065.5CVE-2016-4507
MISC
rexroth -- bladecontrol-webvisCross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-07-064.3CVE-2016-4508
MISC
samba -- sambalibcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.2016-07-076.8CVE-2016-2119
CONFIRM
vmware -- vcenter_serverCross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2016-07-024.3CVE-2015-6931
CONFIRM
vmware -- nsx_edgeVMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors.2016-07-024.3CVE-2016-2079
CONFIRM
vmware -- vrealize_log_insightCross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-07-024.3CVE-2016-2081
CONFIRM
vmware -- vrealize_log_insightCross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.2016-07-026.8CVE-2016-2082
CONFIRM
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
emc -- rsa_archer_egrcEMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.2016-07-043.5CVE-2016-0899
BUGTRAQ
flexerasoftware -- installanywhereUntrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file.2016-07-023.7CVE-2016-4560
CONFIRM
ibm -- cognos_business_intelligenceCross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2016-07-033.5CVE-2016-0221
CONFIRM
ibm -- control_centerIBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors.2016-07-071.9CVE-2016-0252
CONFIRM
ibm -- i_accessIBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors.2016-07-072.1CVE-2016-0287
AIXAPAR
CONFIRM
ibm -- jazz_reporting_serviceCross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0350.2016-07-073.5CVE-2016-0313
CONFIRM
ibm -- cognos_business_intelligenceCross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2016-07-033.5CVE-2016-0346
CONFIRM
ibm -- jazz_reporting_serviceCross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0313.2016-07-073.5CVE-2016-0350
CONFIRM
ibm -- tririga_application_platformCross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2016-07-023.5CVE-2016-0387
CONFIRM
ibm -- maximo_asset_managementCross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2016-07-023.5CVE-2016-0399
CONFIRM
ibm -- tririga_application_platformCross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2016-07-023.5CVE-2016-2883
CONFIRM
ibm -- tivoli_storage_managerIBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions.2016-07-032.1CVE-2016-2894
CONFIRM
AIXAPAR
linux -- linux_kernelRace condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability.2016-07-031.9CVE-2016-6130
CONFIRM
CONFIRM
BUGTRAQ
CONFIRM
ntp -- ntpntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.2016-07-042.6CVE-2016-4955
CERT-VN
CONFIRM
CONFIRM
CONFIRM
siemens -- sicam_pasSiemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.2016-07-041.7CVE-2016-5848
CONFIRM
siemens -- sicam_pasSiemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.2016-07-041.9CVE-2016-5849
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top