SB16-130: Vulnerability Summary for the Week of May 2, 2016

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Title: SB16-130: Vulnerability Summary for the Week of May 2, 2016

U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:

05/09/2016 06:54 AM EDT

Original release date: May 09, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
canonical -- ubuntu_core The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. 2016-05-02 7.2 CVE-2016-1575
CONFIRM
MLIST
MISC
CONFIRM
MISC
canonical -- ubuntu_core The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. 2016-05-02 7.2 CVE-2016-1576
MISC
MISC
CONFIRM
MLIST
MISC
CONFIRM
MISC
cisco -- telepresence_tc_software The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935. 2016-05-05 9.0 CVE-2016-1387
CISCO
imagemagick -- imagemagick The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." 2016-05-05 10.0 CVE-2016-3714
CERT-VN
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
CONFIRM
SECTRACK
MLIST
MLIST
imagemagick -- imagemagick The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. 2016-05-05 7.1 CVE-2016-3717
CONFIRM
CONFIRM
CONFIRM
MLIST
linux -- linux_kernel The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787. 2016-05-02 7.8 CVE-2003-1604
CONFIRM
MLIST
MLIST
linux -- linux_kernel The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages. 2016-05-02 7.2 CVE-2012-6689
CONFIRM
CONFIRM
MLIST
CONFIRM
MLIST
MLIST
CONFIRM
linux -- linux_kernel Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. 2016-05-02 7.2 CVE-2012-6701
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. 2016-05-02 7.2 CVE-2015-2686
CONFIRM
CONFIRM
MLIST
CONFIRM
MISC
CONFIRM
linux -- linux_kernel The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call. 2016-05-02 7.2 CVE-2015-8019
CONFIRM
MLIST
MISC
linux -- linux_kernel Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression. 2016-05-02 7.2 CVE-2015-8830
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. 2016-05-02 7.1 CVE-2016-2053
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- linux_kernel The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic. 2016-05-02 7.8 CVE-2016-2070
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
mozilla -- firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-04-30 10.0 CVE-2016-2804
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox_esr Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-04-30 10.0 CVE-2016-2805
CONFIRM
CONFIRM
mozilla -- firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-04-30 10.0 CVE-2016-2806
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-04-30 10.0 CVE-2016-2807
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
openssh -- openbsd The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. 2016-04-30 7.2 CVE-2015-8325
CONFIRM
CONFIRM
CONFIRM
CONFIRM
openssl -- openssl The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. 2016-05-04 10.0 CVE-2016-2108
CONFIRM
CONFIRM
CONFIRM
openssl -- openssl The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. 2016-05-04 7.8 CVE-2016-2109
CONFIRM
CONFIRM
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- subversion The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. 2016-05-05 4.9 CVE-2016-2167
SECTRACK
DEBIAN
CONFIRM
MLIST
MLIST
cisco -- information_server The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059. 2016-04-30 6.4 CVE-2016-1343
CISCO
cisco -- prime_collaboration_assurance Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121. 2016-05-05 5.8 CVE-2016-1392
CISCO
emc -- rsa_data_loss_prevention Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-05-03 4.3 CVE-2016-0892
BUGTRAQ
emc -- rsa_data_loss_prevention EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. 2016-05-03 4.0 CVE-2016-0893
BUGTRAQ
emc -- rsa_data_loss_prevention EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. 2016-05-03 6.5 CVE-2016-0894
BUGTRAQ
emc -- rsa_data_loss_prevention EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. 2016-05-03 4.3 CVE-2016-0895
BUGTRAQ
imagemagick -- imagemagick The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. 2016-05-05 5.8 CVE-2016-3715
CONFIRM
CONFIRM
CONFIRM
MLIST
linux -- linux_kernel The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory. 2016-05-02 4.9 CVE-2011-5321
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability. 2016-05-02 4.9 CVE-2015-1573
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand. 2016-05-02 4.9 CVE-2015-2672
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call. 2016-05-02 4.9 CVE-2015-4177
CONFIRM
CONFIRM
MLIST
CONFIRM
MLIST
MLIST
CONFIRM
linux -- linux_kernel The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h. 2016-05-02 4.9 CVE-2015-4178
CONFIRM
MLIST
CONFIRM
MLIST
CONFIRM
MLIST
CONFIRM
linux -- linux_kernel The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function. 2016-05-02 4.9 CVE-2015-8324
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic. 2016-05-02 5.0 CVE-2015-8746
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. 2016-05-02 5.0 CVE-2016-2117
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- linux_kernel The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. 2016-05-02 4.9 CVE-2016-2185
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
BUGTRAQ
CONFIRM
linux -- linux_kernel The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. 2016-05-02 4.9 CVE-2016-2186
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
BUGTRAQ
CONFIRM
linux -- linux_kernel The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. 2016-05-02 4.9 CVE-2016-2187
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. 2016-05-02 4.9 CVE-2016-2188
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
BUGTRAQ
CONFIRM
linux -- linux_kernel The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. 2016-05-02 4.4 CVE-2016-2853
MLIST
MLIST
MISC
linux -- linux_kernel The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. 2016-05-02 4.6 CVE-2016-2854
MLIST
MLIST
MISC
linux -- linux_kernel The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. 2016-05-02 4.9 CVE-2016-3136
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. 2016-05-02 4.9 CVE-2016-3137
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. 2016-05-02 4.9 CVE-2016-3138
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. 2016-05-02 4.9 CVE-2016-3140
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. 2016-05-02 4.9 CVE-2016-3689
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. 2016-05-02 4.9 CVE-2016-3951
MLIST
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
lockon -- ec_cube The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200. 2016-04-30 5.0 CVE-2016-1199
CONFIRM
CONFIRM
JVNDB
JVN
lockon -- ec_cube The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199. 2016-04-30 6.5 CVE-2016-1200
CONFIRM
CONFIRM
JVNDB
JVN
lockon -- ec_cube Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators. 2016-04-30 6.8 CVE-2016-1201
CONFIRM
CONFIRM
JVNDB
JVN
mozilla -- firefox The watch implementation in the _javascript_ engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site. 2016-04-30 5.1 CVE-2016-2808
CONFIRM
CONFIRM
mozilla -- firefox The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution. 2016-04-30 5.8 CVE-2016-2809
CONFIRM
CONFIRM
mozilla -- firefox Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password. 2016-04-30 4.3 CVE-2016-2810
CONFIRM
CONFIRM
mozilla -- firefox Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method. 2016-04-30 6.8 CVE-2016-2811
CONFIRM
CONFIRM
mozilla -- firefox Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site. 2016-04-30 5.1 CVE-2016-2812
CONFIRM
CONFIRM
mozilla -- firefox Mozilla Firefox before 46.0 on Android does not properly restrict _javascript_ access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780. 2016-04-30 4.3 CVE-2016-2813
CONFIRM
CONFIRM
MISC
mozilla -- firefox Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table. 2016-04-30 6.8 CVE-2016-2814
CONFIRM
CONFIRM
mozilla -- firefox Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. 2016-04-30 4.3 CVE-2016-2816
CONFIRM
CONFIRM
mozilla -- firefox The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) _javascript_: or (2) data: URL. 2016-04-30 4.3 CVE-2016-2817
CONFIRM
CONFIRM
mozilla -- firefox The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. 2016-04-30 4.3 CVE-2016-2820
CONFIRM
CONFIRM
openssl -- openssl crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an _expression_, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms. 2016-05-04 5.0 CVE-2000-1254
CONFIRM
MLIST
MLIST
openssl -- openssl Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. 2016-05-04 5.0 CVE-2016-2105
CONFIRM
CONFIRM
openssl -- openssl Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. 2016-05-04 5.0 CVE-2016-2106
CONFIRM
CONFIRM
openssl -- openssl The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. 2016-05-04 6.4 CVE-2016-2176
CONFIRM
CONFIRM
wireshark -- wireshark wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file. 2016-04-30 4.3 CVE-2016-4415
CONFIRM
MISC
CONFIRM
wireshark -- wireshark epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. 2016-04-30 4.3 CVE-2016-4416
CONFIRM
CONFIRM
wireshark -- wireshark Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value. 2016-04-30 4.3 CVE-2016-4417
CONFIRM
CONFIRM
wireshark -- wireshark epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. 2016-04-30 4.3 CVE-2016-4418
CONFIRM
CONFIRM
wireshark -- wireshark epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. 2016-04-30 4.3 CVE-2016-4419
CONFIRM
CONFIRM
wireshark -- wireshark The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-04-30 4.3 CVE-2016-4420
CONFIRM
wireshark -- wireshark epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. 2016-04-30 4.3 CVE-2016-4421
CONFIRM
CONFIRM
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
linux -- linux_kernel mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length. 2016-05-02 2.1 CVE-2008-7316
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace. 2016-05-02 3.6 CVE-2014-9717
MLIST
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. 2016-05-02 2.1 CVE-2015-1350
CONFIRM
MISC
MLIST
MLIST
linux -- linux_kernel fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory. 2016-05-02 2.1 CVE-2015-4176
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. 2016-05-02 1.9 CVE-2015-8839
CONFIRM
CONFIRM
MLIST
CONFIRM
openssl -- openssl The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session, NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. 2016-05-04 2.6 CVE-2016-2107
CONFIRM
CONFIRM
Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
accellion -- file_transfer_appliance Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html. 2016-05-07 not yet calculated CVE-2016-2350
CERT-VN
MISC
accellion -- file_transfer_appliance SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter. 2016-05-07 not yet calculated CVE-2016-2351
CERT-VN
MISC
accellion -- file_transfer_appliance The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors. 2016-05-07 not yet calculated CVE-2016-2353
CERT-VN
MISC
accellion -- file_transfer_appliance The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role. 2016-05-07 not yet calculated CVE-2016-2352
CERT-VN
MISC
adobe -- reader_and_acrobat Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary. 2016-04-30 not yet calculated CVE-2016-1111
CONFIRM
MISC
apache -- subversion The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. 2016-05-05 not yet calculated CVE-2016-2168
SECTRACK
DEBIAN
CONFIRM
MLIST
MLIST
cisco -- asa_with_firepower The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and inspection outage or module outage) via a flood of crafted IP traffic, aka Bug ID CSCux19922. 2016-05-05 not yet calculated CVE-2016-1369
CISCO
cisco -- finesse The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623. 2016-05-05 not yet calculated CVE-2016-1373
CISCO
cisco -- firepower_system Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214. 2016-05-05 not yet calculated CVE-2016-1368
CISCO
cool_projects -- tardiff Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory. 2016-05-06 not yet calculated CVE-2015-0858
CONFIRM
DEBIAN
cool_projects -- tardiff Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. 2016-05-06 not yet calculated CVE-2015-0857
CONFIRM
CONFIRM
DEBIAN
emc -- rsa_authentication_manager CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. 2016-05-07 not yet calculated CVE-2016-0902
BUGTRAQ
emc -- rsa_authentication_manager Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901. 2016-05-07 not yet calculated CVE-2016-0900
BUGTRAQ
emc --rsa_authentication_manager Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900. 2016-05-07 not yet calculated CVE-2016-0901
BUGTRAQ
gnu -- libtasn1 The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. 2016-05-05 not yet calculated CVE-2016-4008
MLIST
UBUNTU
UBUNTU
MLIST
FEDORA
FEDORA
FEDORA
CONFIRM
CONFIRM
hpe -- network_node_manager Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010. 2016-05-07 not yet calculated CVE-2016-2011
HP
hpe -- network_node_manager Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011. 2016-05-07 not yet calculated CVE-2016-2010
HP
hpe -- network_node_manager HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors. 2016-05-07 not yet calculated CVE-2016-2012
HP
hpe -- network_node_manager HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. 2016-05-07 not yet calculated CVE-2016-2009
HP
hpe -- network_node_manager HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. 2016-05-07 not yet calculated CVE-2016-2014
HP
hpe -- network_node_manager HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors. 2016-05-07 not yet calculated CVE-2016-2013
HP
imagemagick -- imagemagick The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. 2016-05-05 not yet calculated CVE-2016-3718
CONFIRM
CONFIRM
MLIST
CONFIRM
imagemagick -- imagemagick The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. 2016-05-05 not yet calculated CVE-2016-3716
CONFIRM
CONFIRM
MLIST
CONFIRM
jq -- jv The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. 2016-05-06 not yet calculated CVE-2016-4074
MISC
MLIST
MLIST
jq -- jv_parse.c Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. 2016-05-06 not yet calculated CVE-2015-8863
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
SUSE
SUSE
libarchive -- libarchive Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. 2016-05-07 not yet calculated CVE-2016-1541
CERT-VN
CONFIRM
CONFIRM
libpam_sshauth -- pam_sshauth The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account. 2016-05-06 not yet calculated CVE-2016-4422
CONFIRM
DEBIAN
linux -- linux_kernel Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread. 2016-05-02 not yet calculated CVE-2015-4170
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- linux_kernel The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call. 2016-05-05 not yet calculated CVE-2016-2062
CONFIRM
CONFIRM
linux -- linux_kernel The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls. 2016-05-05 not yet calculated CVE-2016-2059
CONFIRM
CONFIRM
linux -- security_response The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability. 2016-05-06 not yet calculated CVE-2016-2094
CONFIRM
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
little_cms_2 -- liblcms2 Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler. 2016-05-07 not yet calculated CVE-2013-7455
CERT-VN
MISC
CONFIRM
mcafee -- livesafe Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable. 2016-05-05 not yet calculated CVE-2016-4535
EXPLOIT-DB
MISC
MISC
mcafee -- virusscan_enterprise The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles. 2016-05-05 not yet calculated CVE-2016-4534
EXPLOIT-DB
MISC
CONFIRM
CONFIRM
FULLDISC
MISC
poppler -- exponentialfunction Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. 2016-05-06 not yet calculated CVE-2015-8868
CONFIRM
CONFIRM
CONFIRM
UBUNTU
MLIST
DEBIAN
FEDORA
FEDORA
trend_micro -- email_encryption_gateway SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2016-05-05 not yet calculated CVE-2016-4351
CONFIRM
MISC
veritas -- netbackup bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input. 2016-05-07 not yet calculated CVE-2015-6550
CONFIRM
veritas -- netbackup The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors. 2016-05-07 not yet calculated CVE-2015-6552
CONFIRM
veritas -- netbackup Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets. 2016-05-07 not yet calculated CVE-2015-6551
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.


This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (888) 282-0870 Powered by GovDelivery

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux