Vulnerability ☼ Summary for the Week of September 26, 2016
https://www.us-cert.gov/ncas/bulletins/SB16-277
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology(NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit theNVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — digital_editions | Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263. | 2016-09-26 | 10.0 | CVE-2016-6980 BID(link is external) CONFIRM(link is external) |
apple — apple_tv | libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | 2016-09-25 | 10.0 | CVE-2016-4658 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — mac_os_x | The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application’s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an “httpoxy” issue, a related issue to CVE-2016-5387. | 2016-09-25 | 7.5 | CVE-2016-4694 APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — mac_os_x | AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | 2016-09-25 | 9.3 | CVE-2016-4696 APPLE(link is external) CONFIRM(link is external) |
apple — mac_os_x | Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2016-09-25 | 9.3 | CVE-2016-4697 APPLE(link is external) CONFIRM(link is external) |
apple — iphone_os | AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2016-09-25 | 9.3 | CVE-2016-4698 APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — mac_os_x | AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700. | 2016-09-25 | 9.3 | CVE-2016-4699 APPLE(link is external) CONFIRM(link is external) |
apple — mac_os_x | AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699. | 2016-09-25 | 9.3 | CVE-2016-4700 APPLE(link is external) CONFIRM(link is external) |
apple — apple_tv | Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2016-09-25 | 10.0 | CVE-2016-4702 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — mac_os_x | Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2016-09-25 | 9.3 | CVE-2016-4703 APPLE(link is external) CONFIRM(link is external) |
apple — mac_os_x | WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage “type confusion,” a different vulnerability than CVE-2016-4710. | 2016-09-25 | 7.2 | CVE-2016-4709 APPLE(link is external) CONFIRM(link is external) |
apple — mac_os_x | WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage “type confusion,” a different vulnerability than CVE-2016-4709. | 2016-09-25 | 7.2 | CVE-2016-4710 APPLE(link is external) CONFIRM(link is external) |
apple — apple_tv | CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. | 2016-09-25 | 9.3 | CVE-2016-4712 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — mac_os_x | diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors. | 2016-09-25 | 7.2 | CVE-2016-4716 APPLE(link is external) CONFIRM(link is external) |
apple — mac_os_x | Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2016-09-25 | 9.3 | CVE-2016-4723 APPLE(link is external) CONFIRM(link is external) |
apple — iphone_os | IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | 2016-09-25 | 9.3 | CVE-2016-4724 APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — apple_tv | IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2016-09-25 | 9.3 | CVE-2016-4726 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — mac_os_x | IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2016-09-25 | 9.3 | CVE-2016-4727 APPLE(link is external) CONFIRM(link is external) |
apple — safari | WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731. | 2016-09-25 | 9.3 | CVE-2016-4729 APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — safari | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735. | 2016-09-25 | 9.3 | CVE-2016-4730 APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — safari | WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729. | 2016-09-25 | 9.3 | CVE-2016-4731 APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — safari | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735. | 2016-09-25 | 9.3 | CVE-2016-4733 APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — safari | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735. | 2016-09-25 | 9.3 | CVE-2016-4734 APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — safari | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734. | 2016-09-25 | 9.3 | CVE-2016-4735 APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — mac_os_x | libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file. | 2016-09-25 | 9.3 | CVE-2016-4736 APPLE(link is external) CONFIRM(link is external) |
apple — safari | WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 2016-09-25 | 9.3 | CVE-2016-4737 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — apple_tv | libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 2016-09-25 | 9.3 | CVE-2016-4738 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — iphone_os | S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2016-09-25 | 9.3 | CVE-2016-4750 APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — apple_tv | Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2016-09-25 | 9.3 | CVE-2016-4753 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — apple_tv | The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2016-09-25 | 7.2 | CVE-2016-4775 APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — apple_tv | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app. | 2016-09-25 | 9.3 | CVE-2016-4777 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — apple_tv | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2016-09-25 | 9.3 | CVE-2016-4778 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
aternity — aternity | The web server in Aternity 9 and earlier does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans. | 2016-09-29 | 9.3 | CVE-2016-5062 CERT-VN |
citrix — linux_virtual_delivery_agent | Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors. | 2016-09-26 | 7.2 | CVE-2016-6276 CONFIRM(link is external) BID(link is external) |
dexis — imaging_suite | DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session. | 2016-09-24 | 10.0 | CVE-2016-6532 CERT-VN |
hp — network_automation | HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 2016-09-29 | 7.5 | CVE-2016-4385 CONFIRM(link is external) |
huawei — anyoffice_secureapp | Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment. | 2016-09-26 | 7.1 | CVE-2016-6826 CONFIRM(link is external) |
huawei — honor6_firmware | The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application. | 2016-09-26 | 7.1 | CVE-2016-8279 CONFIRM(link is external) |
iperf_project — iperf | The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow. | 2016-09-26 | 7.5 | CVE-2016-4303 MISC(link is external) SUSE SUSE CONFIRM(link is external) MISC(link is external) CONFIRM(link is external) CONFIRM(link is external) |
isc — bind | buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | 2016-09-28 | 7.8 | CVE-2016-2776 CONFIRM |
libgd — libgd | Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls. | 2016-09-28 | 7.5 | CVE-2016-7568 CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
moxa — active_opc_server | Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. | 2016-09-24 | 7.2 | CVE-2016-5793 MISC |
opendental — opendental | ** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the “vulnerability note … is factually false … there is indeed a default blank password, but it can be changed … We recommend that users change it, each customer receives direction.” | 2016-09-24 | 7.5 | CVE-2016-6531 CERT-VN MISC |
openssl — openssl | Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. | 2016-09-26 | 7.8 | CVE-2016-6304 CONFIRM CONFIRM |
openssl — openssl | statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. | 2016-09-26 | 7.1 | CVE-2016-6308 CONFIRM CONFIRM |
openssl — openssl | statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. | 2016-09-26 | 10.0 | CVE-2016-6309 CONFIRM CONFIRM |
openstack — mitaka-murano | OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages. | 2016-09-26 | 7.5 | CVE-2016-4972 MLIST(link is external) CONFIRM(link is external) CONFIRM(link is external) |
powerdns — authoritative_server | PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response. | 2016-09-26 | 7.1 | CVE-2016-6172 SUSE MLIST(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) MISC(link is external) MLIST(link is external) |
redhat — jboss_operations_network | The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737. | 2016-09-27 | 9.0 | CVE-2016-6330 BID(link is external) CONFIRM(link is external) |
sap — trex | An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591. | 2016-09-27 | 10.0 | CVE-2016-6137 MISC(link is external) MISC(link is external) FULLDISC FULLDISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — activemq_artemis | The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath. | 2016-09-27 | 6.0 | CVE-2016-4978 MLIST BID(link is external) MISC(link is external) |
apple — safari | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735. | 2016-09-25 | 6.8 | CVE-2016-4611 APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — safari | Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka “Universal XSS (UXSS).” | 2016-09-25 | 4.3 | CVE-2016-4618 APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — mac_os_x | cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors. | 2016-09-25 | 4.9 | CVE-2016-4706 APPLE(link is external) CONFIRM(link is external) |
apple — apple_tv | CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response. | 2016-09-25 | 4.3 | CVE-2016-4708 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — iphone_os | CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output. | 2016-09-25 | 5.0 | CVE-2016-4711 APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — mac_os_x | CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users’ screens by leveraging screen-sharing access. | 2016-09-25 | 4.3 | CVE-2016-4713 APPLE(link is external) CONFIRM(link is external) |
apple — mac_os_x | The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user’s location via a crafted app. | 2016-09-25 | 4.3 | CVE-2016-4715 APPLE(link is external) CONFIRM(link is external) |
apple — mac_os_x | The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app. | 2016-09-25 | 5.0 | CVE-2016-4717 APPLE(link is external) CONFIRM(link is external) |
apple — apple_tv | Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file. | 2016-09-25 | 4.3 | CVE-2016-4718 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — iphone_os | The IDS – Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and obtain sensitive information via unspecified vectors. | 2016-09-25 | 4.3 | CVE-2016-4722 APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — apple_tv | IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site. | 2016-09-25 | 5.8 | CVE-2016-4725 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — itunes | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site. | 2016-09-25 | 6.8 | CVE-2016-4728 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — mac_os_x | mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface. | 2016-09-25 | 4.3 | CVE-2016-4739 APPLE(link is external) CONFIRM(link is external) |
apple — mac_os_x | NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. | 2016-09-25 | 4.3 | CVE-2016-4742 APPLE(link is external) CONFIRM(link is external) |
apple — mac_os_x | The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack. | 2016-09-25 | 5.0 | CVE-2016-4745 APPLE(link is external) CONFIRM(link is external) |
apple — mac_os_x | Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. | 2016-09-25 | 4.6 | CVE-2016-4748 APPLE(link is external) CONFIRM(link is external) |
apple — safari | The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site. | 2016-09-25 | 4.3 | CVE-2016-4751 APPLE(link is external) CONFIRM(link is external) |
apple — mac_os_x | The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation. | 2016-09-25 | 4.3 | CVE-2016-4752 APPLE(link is external) CONFIRM(link is external) |
apple — os_x_server | ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | 2016-09-25 | 5.0 | CVE-2016-4754 APPLE(link is external) CONFIRM(link is external) |
apple — itunes | WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. | 2016-09-25 | 4.3 | CVE-2016-4758 APPLE(link is external) APPLE(link is external) APPLE(link is external) MISC(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — itunes | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768. | 2016-09-25 | 6.8 | CVE-2016-4759 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — itunes | WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. | 2016-09-25 | 4.3 | CVE-2016-4760 APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — icloud | WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 2016-09-25 | 6.8 | CVE-2016-4762 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — itunes | WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2016-09-25 | 4.9 | CVE-2016-4763 APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — itunes | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768. | 2016-09-25 | 6.8 | CVE-2016-4765 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — itunes | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768. | 2016-09-25 | 6.8 | CVE-2016-4766 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — itunes | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768. | 2016-09-25 | 6.8 | CVE-2016-4767 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — itunes | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767. | 2016-09-25 | 6.8 | CVE-2016-4768 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — itunes | WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2016-09-25 | 6.8 | CVE-2016-4769 APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — iphone_os | The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname. | 2016-09-25 | 4.3 | CVE-2016-4771 APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — apple_tv | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors. | 2016-09-25 | 5.0 | CVE-2016-4772 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — apple_tv | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776. | 2016-09-25 | 5.8 | CVE-2016-4773 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — apple_tv | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776. | 2016-09-25 | 5.8 | CVE-2016-4774 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — apple_tv | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774. | 2016-09-25 | 4.3 | CVE-2016-4776 APPLE(link is external) APPLE(link is external) APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — mac_os_x | Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | 2016-09-25 | 6.8 | CVE-2016-4779 APPLE(link is external) CONFIRM(link is external) |
aternity — aternity | Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity 9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) getExternalURL, or (4) retrieveTrustedUrl page. | 2016-09-29 | 4.3 | CVE-2016-5061 CERT-VN |
cisco — prime_home | Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814. | 2016-09-23 | 4.3 | CVE-2016-6408 CISCO(link is external) |
cisco — ios | The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traffic, aka Bug ID CSCuy54015. | 2016-09-23 | 4.3 | CVE-2016-6409 CISCO(link is external) |
cisco — ios | The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856. | 2016-09-23 | 6.8 | CVE-2016-6410 CISCO(link is external) |
cisco — firesight_system_software | Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585. | 2016-09-23 | 5.0 | CVE-2016-6411 CISCO(link is external) |
cisco — ios | The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773. | 2016-09-23 | 4.3 | CVE-2016-6412 CISCO(link is external) |
cisco — application_policy_infrastructure_controller | The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496. | 2016-09-23 | 6.8 | CVE-2016-6413 CISCO(link is external) |
emc — rsa_identity_management_and_governance | EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL. | 2016-09-24 | 4.0 | CVE-2016-0918 BUGTRAQ |
gnu — wget | Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. | 2016-09-26 | 6.8 | CVE-2016-7098 MLIST MLIST SUSE MLIST(link is external) |
gnu — gnutls | The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. | 2016-09-27 | 5.0 | CVE-2016-7444 CONFIRM(link is external) MLIST CONFIRM |
google — chrome_os | Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2016-09-25 | 6.8 | CVE-2016-5169 CONFIRM CONFIRM(link is external) |
google — chrome | WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls. | 2016-09-25 | 6.8 | CVE-2016-5170 CONFIRM CONFIRM(link is external) CONFIRM(link is external) |
google — chrome | WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code. | 2016-09-25 | 6.8 | CVE-2016-5171 CONFIRM CONFIRM(link is external) CONFIRM(link is external) |
google — chrome | The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code. | 2016-09-25 | 4.3 | CVE-2016-5172 CONFIRM CONFIRM(link is external) CONFIRM(link is external) |
google — chrome | The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack. | 2016-09-25 | 6.8 | CVE-2016-5173 CONFIRM CONFIRM(link is external) MISC(link is external) MISC(link is external) CONFIRM(link is external) |
google — chrome | browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site. | 2016-09-25 | 4.3 | CVE-2016-5174 CONFIRM CONFIRM(link is external) CONFIRM(link is external) |
google — chrome | Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2016-09-25 | 6.8 | CVE-2016-5175 CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
google — chrome | Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. | 2016-09-29 | 4.3 | CVE-2016-5176 CONFIRM(link is external) CONFIRM(link is external) |
google — chrome | Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message. | 2016-09-25 | 6.8 | CVE-2016-7549 BID(link is external) CONFIRM CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
hp — network_automation | HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors. | 2016-09-29 | 6.9 | CVE-2016-4386 CONFIRM(link is external) |
huawei — s12700_firmware | Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malformed packets. | 2016-09-26 | 5.0 | CVE-2016-6518 CONFIRM(link is external) BID(link is external) |
huawei — fusioncompute | Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2016-09-26 | 4.0 | CVE-2016-6827 CONFIRM(link is external) BID(link is external) |
huawei — oceanstor_ism | Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors. | 2016-09-26 | 4.3 | CVE-2016-6840 MISC(link is external) CONFIRM(link is external) BID(link is external) |
huawei — ar_firmware | Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands. | 2016-09-26 | 6.8 | CVE-2016-6901 CONFIRM(link is external) BID(link is external) |
ibm — security_guardium | IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors. | 2016-09-26 | 4.3 | CVE-2016-0248 CONFIRM(link is external) |
ibm — connections | IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack. | 2016-09-26 | 4.0 | CVE-2016-2999 AIXAPAR(link is external) CONFIRM(link is external) |
ibm — connections | The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL. | 2016-09-26 | 4.0 | CVE-2016-3000 AIXAPAR(link is external) CONFIRM(link is external) |
ibm — connections | Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users. | 2016-09-26 | 6.8 | CVE-2016-3007 AIXAPAR(link is external) CONFIRM(link is external) |
ibm — security_privileged_identity_manager_virtual_appliance | IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2016-09-26 | 4.9 | CVE-2016-3040 CONFIRM(link is external) |
ibm — spectrum_control | IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors. | 2016-09-26 | 5.5 | CVE-2016-5943 AIXAPAR(link is external) CONFIRM(link is external) |
ibm — spectrum_control | IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request. | 2016-09-26 | 4.0 | CVE-2016-5945 AIXAPAR(link is external) CONFIRM(link is external) |
ibm — spectrum_control | Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. | 2016-09-26 | 4.0 | CVE-2016-5946 AIXAPAR(link is external) CONFIRM(link is external) |
ibm — security_privileged_identity_manager_virtual_appliance | IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm. | 2016-09-26 | 5.0 | CVE-2016-5957 CONFIRM(link is external) |
ibm — security_privileged_identity_manager_virtual_appliance | IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | 2016-09-26 | 6.5 | CVE-2016-5963 CONFIRM(link is external) |
ibm — security_privileged_identity_manager_virtual_appliance | Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. | 2016-09-26 | 4.0 | CVE-2016-5970 CONFIRM(link is external) |
ibm — security_privileged_identity_manager_virtual_appliance | IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2016-09-26 | 5.5 | CVE-2016-5971 CONFIRM(link is external) |
ibm — security_privileged_identity_manager_virtual_appliance | IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | 2016-09-26 | 4.9 | CVE-2016-5972 CONFIRM(link is external) |
ibm — tealeaf_customer_experience | Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2016-09-26 | 4.9 | CVE-2016-5977 CONFIRM(link is external) |
ibm — tealeaf_customer_experience | The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length restrictions, which makes it easier for remote attackers to obtain access via a brute-force attack. | 2016-09-26 | 5.0 | CVE-2016-5996 CONFIRM(link is external) |
ibm — tealeaf_customer_experience | The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack. | 2016-09-26 | 4.0 | CVE-2016-5997 CONFIRM(link is external) |
ibm — aix | Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL. | 2016-09-26 | 4.0 | CVE-2016-6038 CONFIRM(link is external) |
inspire_ircd — inspircd | The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message. | 2016-09-26 | 4.3 | CVE-2016-7142 DEBIAN CONFIRM MLIST(link is external) MLIST(link is external) CONFIRM(link is external) |
iodata — hvl-a2.0_firmware | Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content. | 2016-09-24 | 6.8 | CVE-2016-4845 JVN(link is external) JVNDB(link is external) CONFIRM(link is external) miscellaneous(link is external) |
irssi — irssi | The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code. | 2016-09-27 | 5.0 | CVE-2016-7044 DEBIAN UBUNTU(link is external) CONFIRM |
irssi — irssi | The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string. | 2016-09-27 | 5.0 | CVE-2016-7045 DEBIAN UBUNTU(link is external) CONFIRM |
microsoft — azure_active_directory_passport | The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token. | 2016-09-28 | 4.3 | CVE-2016-7191 BID(link is external) CONFIRM(link is external) MSKB(link is external) |
openssl — openssl | The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. | 2016-09-26 | 5.0 | CVE-2016-6305 CONFIRM CONFIRM(link is external) CONFIRM |
openssl — openssl | The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. | 2016-09-26 | 4.3 | CVE-2016-6306 CONFIRM CONFIRM |
openssl — openssl | The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. | 2016-09-26 | 4.3 | CVE-2016-6307 CONFIRM CONFIRM |
openssl — openssl | crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. | 2016-09-26 | 5.0 | CVE-2016-7052 BID(link is external) CONFIRM CONFIRM |
openstack — compute_(nova) | OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression. | 2016-09-27 | 6.8 | CVE-2016-7498 MLIST(link is external) MLIST(link is external) BID(link is external) CONFIRM |
oracle — linux | Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors. | 2016-09-30 | 4.6 | CVE-2016-0617 CONFIRM(link is external) |
paolo_bacchilega — file_roller | The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. | 2016-09-26 | 5.0 | CVE-2016-7162 CONFIRM CONFIRM MLIST(link is external) BID(link is external) UBUNTU(link is external) CONFIRM CONFIRM |
pivotal_software — cloud_foundry | The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain. | 2016-09-29 | 5.0 | CVE-2016-6636 CONFIRM(link is external) |
pivotal_software — cloud_foundry | Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page. | 2016-09-29 | 6.8 | CVE-2016-6637 CONFIRM(link is external) |
pivotal_software — cloud_foundry | The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token. | 2016-09-29 | 6.5 | CVE-2016-6651 CONFIRM(link is external) |
redhat — jboss_enterprise_web_server | mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element. | 2016-09-26 | 5.0 | CVE-2016-3110 REDHAT(link is external) REDHAT(link is external) REDHAT(link is external) BID(link is external) CONFIRM(link is external) |
redhat — jboss_enterprise_application_platform | CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 2016-09-26 | 4.3 | CVE-2016-4993 REDHAT(link is external) REDHAT(link is external) REDHAT(link is external) REDHAT(link is external) SECTRACK(link is external) CONFIRM(link is external) |
redhat — jboss_enterprise_application_platform | The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves. | 2016-09-26 | 6.5 | CVE-2016-5406 REDHAT(link is external) REDHAT(link is external) REDHAT(link is external) REDHAT(link is external) CONFIRM(link is external) |
sap — hana_db | SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128. | 2016-09-26 | 5.0 | CVE-2016-3639 MISC(link is external) MISC(link is external) FULLDISC BID(link is external) |
sap — hana | SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459. | 2016-09-26 | 5.0 | CVE-2016-6142 MISC(link is external) MISC(link is external) FULLDISC BID(link is external) |
sap — trex | The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226. | 2016-09-27 | 5.0 | CVE-2016-6146 MISC(link is external) MISC(link is external) MISC(link is external) FULLDISC MISC(link is external) |
siemens — scalance_m-800_firmware | The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 2016-09-29 | 4.3 | CVE-2016-7090 CONFIRM(link is external) MISC |
sqlite — sqlite | os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. | 2016-09-26 | 4.6 | CVE-2016-6153 SUSE MLIST(link is external) MLIST(link is external) BID(link is external) CONFIRM FEDORA MISC(link is external) CONFIRM |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alienvault — open_source_security_information_and_event_management | Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php. | 2016-09-26 | 3.5 | CVE-2016-6913 FULLDISC BID(link is external) CONFIRM(link is external) |
apache — ranger | Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies. | 2016-09-26 | 3.5 | CVE-2016-5395 BID(link is external) CONFIRM |
apple — mac_os_x | Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable. | 2016-09-25 | 2.1 | CVE-2016-4701 APPLE(link is external) CONFIRM(link is external) |
apple — iphone_os | CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. | 2016-09-25 | 2.1 | CVE-2016-4707 APPLE(link is external) APPLE(link is external) CONFIRM(link is external) CONFIRM(link is external) |
apple — mac_os_x | Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors. | 2016-09-25 | 2.1 | CVE-2016-4755 APPLE(link is external) CONFIRM(link is external) |
emc — vipr_srm | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2016-09-29 | 3.5 | CVE-2016-6647 BUGTRAQ |
huawei — policy_center | Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to “special characters on pages.” | 2016-09-27 | 3.5 | CVE-2016-4058 CONFIRM(link is external) |
ibm — websphere_mq | IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights. | 2016-09-26 | 3.5 | CVE-2016-0379 CONFIRM(link is external) |
ibm — connections | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3003 and CVE-2016-3006. | 2016-09-26 | 3.5 | CVE-2016-3001 AIXAPAR(link is external) CONFIRM(link is external) |
ibm — connections | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3006. | 2016-09-26 | 3.5 | CVE-2016-3003 AIXAPAR(link is external) CONFIRM(link is external) |
ibm — connections | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003. | 2016-09-26 | 3.5 | CVE-2016-3006 AIXAPAR(link is external) CONFIRM(link is external) |
ibm — spectrum_control | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. | 2016-09-26 | 3.5 | CVE-2016-5944 AIXAPAR(link is external) CONFIRM(link is external) |
ibm — spectrum_control | IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | 2016-09-26 | 3.5 | CVE-2016-5947 AIXAPAR(link is external) CONFIRM(link is external) |
ibm — security_privileged_identity_manager_virtual_appliance | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. | 2016-09-26 | 3.5 | CVE-2016-5974 CONFIRM(link is external) |
ibm — tealeaf_customer_experience | Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5978. | 2016-09-26 | 3.5 | CVE-2016-5975 CONFIRM(link is external) |
ibm — tealeaf_customer_experience | The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors. | 2016-09-26 | 2.6 | CVE-2016-5976 CONFIRM(link is external) |
ibm — tealeaf_customer_experience | Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5975. | 2016-09-26 | 3.5 | CVE-2016-5978 CONFIRM(link is external) |
opensuse — libstorage | libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf. | 2016-09-26 | 1.2 | CVE-2016-5746 SUSE CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) CONFIRM(link is external) |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ibm — db2 | Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program. | 2016-09-30 | not yet calculated | CVE-2016-5995 AIXAPAR(link is external) AIXAPAR(link is external) AIXAPAR(link is external) AIXAPAR(link is external) CONFIRM(link is external) |
ibm — websphere_application_server | Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients. | 2016-09-30 | not yet calculated | CVE-2016-3042 AIXAPAR(link is external) CONFIRM(link is external) |
ibm — websphere_appliction_server | IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2016-09-30 | not yet calculated | CVE-2016-5986 AIXAPAR(link is external) CONFIRM |