U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Bulletin (SB16-249)

Vulnerability Summary for the Week of August 29, 2016

Original release date: September 05, 2016 | Last revised: September 06, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
accellion -- kiteworks_applianceAccellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.2016-08-267.2CVE-2016-5662
CERT-VN
adobe -- acrobatAdobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.2016-08-2610.0CVE-2016-4119
CONFIRM
adobe -- acrobatAdobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.2016-08-2610.0CVE-2016-4265
CONFIRM
adobe -- acrobatAdobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.2016-08-2610.0CVE-2016-4266
CONFIRM
adobe -- acrobatAdobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.2016-08-2610.0CVE-2016-4267
CONFIRM
adobe -- acrobatAdobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4269, and CVE-2016-4270.2016-08-2610.0CVE-2016-4268
CONFIRM
adobe -- acrobatAdobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, and CVE-2016-4270.2016-08-2610.0CVE-2016-4269
CONFIRM
adobe -- acrobatAdobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, and CVE-2016-4269.2016-08-2610.0CVE-2016-4270
CONFIRM
cisco -- small_business_220_series_smart_plus_switchesCisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, aka Bug ID CSCuz76216.2016-09-0110.0CVE-2016-1473
CISCO
linux -- linux_kernelHeap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact by writing to /dev/wcnss_wlan with an unexpected amount of data.2016-08-3010.0CVE-2016-5342
CONFIRM
CONFIRM
linux -- linux_kernelMultiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c.2016-08-3010.0CVE-2016-5344
CONFIRM
CONFIRM
mac-telnet_project -- mac-telnetBuffer overflow in the handle_packet function in mactelnet.c in the client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute arbitrary code via a long string in an MT_CPTYPE_PASSSALT control packet.2016-08-307.5CVE-2016-7115
CONFIRM
CONFIRM
netgear -- readynas_surveillance__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.2016-08-3110.0CVE-2016-5674
CERT-VN
netgear -- readynas_surveillancehandle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.2016-08-3110.0CVE-2016-5675
CERT-VN
netgear -- readynas_surveillancecgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.2016-08-319.0CVE-2016-5679
CERT-VN
netgear -- readynas_surveillanceStack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.2016-08-319.0CVE-2016-5680
CERT-VN
nuuo -- nvrmini_2NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.2016-08-3110.0CVE-2016-5678
CERT-VN
python -- pythonInteger overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.2016-09-0210.0CVE-2016-5636
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
readydesk -- readydeskSQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field.2016-08-267.5CVE-2016-5048
CERT-VN
readydesk -- readydeskUnrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file.2016-08-267.5CVE-2016-5050
CERT-VN
vbulletin -- vbulletinSQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016.2016-08-307.5CVE-2016-6195
CONFIRM
MISC
vmware -- photon_osVMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.2016-08-309.3CVE-2016-5333
MISC
CONFIRM
VMWARE
vmware -- identity_mangerVMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.2016-08-307.2CVE-2016-5335
CONFIRM
vmware -- vrealize_automationVMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.2016-08-307.5CVE-2016-5336
CONFIRM
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
N/A -- N/AAKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe.2016-09-016.8CVE-2016-4853
CONFIRM
JVN
JVNDB
accellion -- kiteworks_applianceMultiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter.2016-08-264.3CVE-2016-5663
CERT-VN
accellion -- kiteworks_applianceDirectory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.2016-08-265.0CVE-2016-5664
CERT-VN
adobe -- coldfusionThe Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2016-09-016.4CVE-2016-4264
MISC
CONFIRM
cisco -- small_business_220_series_smart_plus_switchesCross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230.2016-09-016.8CVE-2016-1470
CISCO
cisco -- small_business_220_series_smart_plus_switchesCross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz76232.2016-09-014.3CVE-2016-1471
CISCO
cisco -- small_business_220_series_smart_plus_switchesThe web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238.2016-09-015.0CVE-2016-1472
CISCO
cisco -- content_security_management_applianceThe DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.2016-08-315.0CVE-2016-2183
CONFIRM
CONFIRM
MISC
CONFIRM
MISC
MISC
MISC
MLIST
MISC
CONFIRM
MISC
MISC
cisco -- wireless_lan_controllerThe Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device restart) via a malformed wIPS packet, aka Bug ID CSCuz40263.2016-09-016.1CVE-2016-6376
CISCO
clipbucket_project -- clipbucketCross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-09-014.3CVE-2016-4848
JVN
JVNDB
CONFIRM
debian -- debian_linuxfs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem.2016-08-314.9CVE-2016-7118
MLIST
gnu -- mailmanCross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.2016-09-026.8CVE-2016-6893
CONFIRM
gnu -- mailmanCross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.2016-09-026.8CVE-2016-7123
CONFIRM
hp -- xp7_command_viewThe (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors.2016-08-265.0CVE-2016-4378
CONFIRM
ibm -- bigfix_platformCross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file.2016-08-314.3CVE-2016-0293
CONFIRM
ibm -- bigfix_webreportsWebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.2016-08-304.3CVE-2016-0397
CONFIRM
ibm -- mq_appliance_firmwareMQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command.2016-09-024.6CVE-2016-5879
AIXAPAR
CONFIRM
jwcrypto_project -- jwcryptoThe _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).2016-09-014.3CVE-2016-6298
CONFIRM
CONFIRM
CONFIRM
CONFIRM
let's_php! -- simple_chatCross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-09-014.3CVE-2016-4851
JVN
JVNDB
netapp -- clustered_data_ontapNetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors.2016-08-314.0CVE-2016-3064
CONFIRM
netapp -- oncommand_system_managerNetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors.2016-09-014.0CVE-2016-5047
CONFIRM
netgear -- readynas_surveillancecgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.2016-08-315.0CVE-2016-5676
CERT-VN
netgear -- readynas_surveillanceNUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.2016-08-315.0CVE-2016-5677
CERT-VN
python -- pythonThe smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."2016-09-025.8CVE-2016-0772
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
python -- pythonCRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.2016-09-024.3CVE-2016-5699
MISC
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
readydesk -- readydeskDirectory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the SESID parameter in conjunction with a filename in the FNAME parameter.2016-08-265.0CVE-2016-5049
CERT-VN
readydesk -- readydeskReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Config.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file.2016-08-264.6CVE-2016-5683
CERT-VN
vbulletin -- vbulletinThe media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code.2016-09-015.0CVE-2016-6483
MISC
CONFIRM
CONFIRM
CONFIRM
vmware -- vrealize_log_insightDirectory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.2016-08-305.0CVE-2016-5332
CONFIRM
zimbra -- zimbra_collaboration_serverMultiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-08-294.3CVE-2016-5721
CONFIRM
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
dotnetnuke -- dotnetnukeCross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.2016-08-313.5CVE-2016-7119
CONFIRM
ibm -- bigfix_webreportsWebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report.2016-08-302.1CVE-2016-0292
CONFIRM
ibm -- forms_experience_builderCross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product.2016-08-313.5CVE-2016-0370
AIXAPAR
AIXAPAR
CONFIRM
ibm -- websphere_application_serverBuffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.2016-09-013.5CVE-2016-0385
AIXAPAR
CONFIRM
ibm -- connectionsCross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2956 and CVE-2016-3008.2016-09-013.5CVE-2016-2954
CONFIRM
ibm -- connectionsCross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-3008.2016-09-013.5CVE-2016-2956
CONFIRM
ibm -- connectionsCross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2997, CVE-2016-3005, and CVE-2016-3010.2016-09-013.5CVE-2016-2995
AIXAPAR
CONFIRM
ibm -- connectionsCross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-3005, and CVE-2016-3010.2016-09-013.5CVE-2016-2997
AIXAPAR
CONFIRM
ibm -- connectionsCross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data.2016-09-013.5CVE-2016-2998
AIXAPAR
CONFIRM
ibm -- connectionsCross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-2997, and CVE-2016-3010.2016-09-013.5CVE-2016-3005
AIXAPAR
CONFIRM
ibm -- connectionsCross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-2956.2016-09-013.5CVE-2016-3008
CONFIRM
ibm -- connectionsCross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-2997, and CVE-2016-3005.2016-09-013.5CVE-2016-3010
AIXAPAR
CONFIRM
phpvibe -- phpvibeCross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment.2016-08-263.5CVE-2015-5399
MISC
EXPLOIT-DB
qemu -- qemuQEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.2016-09-021.5CVE-2016-4952
MLIST
MLIST
CONFIRM
MLIST
qemu -- qemuThe megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.2016-09-021.9CVE-2016-5105
MLIST
MLIST
CONFIRM
MLIST
qemu -- qemuThe megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command.2016-09-021.5CVE-2016-5106
MLIST
MLIST
CONFIRM
MLIST
qemu -- qemuThe megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.2016-09-021.5CVE-2016-5107
MLIST
MLIST
CONFIRM
MLIST
Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
cisco -- virtual_media_packagerMedia Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110.2016-09-03not yet calculatedCVE-2016-6377
CISCO
cisco -- webex_meetings_playerCisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.2016-09-03not yet calculatedCVE-2016-1464
CISCO
cisco -- webex_mettings_playerCisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455.2016-09-03not yet cakculatedCVE-2016-1415
CISCO
jose_jwe -- jose_jweThe RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).2016-09-03not yet calculatedCVE-2016-5430
CONFIRM
jose_php -- jose_phpjose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php.2016-09-03not yet calculatedCVE-2016-5429
CONFIRM
CONFIRM
misp -- mispapp/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.2016-09-03not yet calculatedCVE-2015-5719
CONFIRM
CONFIRM
misp -- mispMalware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.2016-09-03not yet calculatedCVE-2015-5721
CONFIRM
CONFIRM
misp -- mispMultiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.2016-09-03not yet calculatedCVE-2015-5720
CONFIRM
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top