Weekly Vulnerabilities Reports > January 25 to 31, 2016

Overview

89 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 21 high severity vulnerabilities. This weekly summary reports vulnerabilities in 184 products from 43 vendors including Mozilla, Opensuse, Google, Cisco, and Kddi. Vulnerabilities are notably categorized as "Cross-site Scripting", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "7PK - Security Features".

  • 82 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 23 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 82 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 16 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-01-31 CVE-2016-1946 Opensuse
Mozilla
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata.

10.0
2016-01-31 CVE-2016-1944 Mozilla
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10.0
2016-01-31 CVE-2016-1931 Mozilla
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.

10.0
2016-01-30 CVE-2016-1985 HP
Microsoft
Code Injection vulnerability in HP Operations Manager

HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

10.0
2016-01-28 CVE-2016-0868 Rockwellautomation Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products

Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request.

10.0
2016-01-27 CVE-2015-6319 Cisco SQL Injection vulnerability in Cisco RV Series Router Firmware

SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.

10.0
2016-01-27 CVE-2016-1896 Lexmark Permissions, Privileges, and Access Controls vulnerability in Lexmark Printer Firmware

Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.

10.0
2016-01-31 CVE-2016-1930 Mozilla
Oracle
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.8
2016-01-25 CVE-2016-2051 Google
Redhat
Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
9.8
2016-01-31 CVE-2016-1945 Mozilla
Opensuse
Memory Corruption and Integer Overflow vulnerability in Mozilla Firefox

The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive.

9.3
2016-01-30 CVE-2015-7923 Westermo Cryptographic Issues vulnerability in Westermo Weos 4.18.0

Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.

9.3
2016-01-29 CVE-2015-8789 Matroska Unspecified vulnerability in Matroska Libebml 1.3.2

Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document.

9.3

21 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-01-31 CVE-2016-1935 Opensuse
Oracle
Mozilla
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.

8.8
2016-01-25 CVE-2016-1620 Google Unspecified vulnerability in Google Chrome

Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

8.8
2016-01-29 CVE-2015-8772 Mcafee Data Processing Errors vulnerability in Mcafee File Lock 5.0

McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ioctl call.

8.5
2016-01-30 CVE-2016-1145 NEC Path Traversal vulnerability in NEC Expresscluster X 3.3

Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.

7.8
2016-01-30 CVE-2016-0867 Carel Information Exposure vulnerability in Carel Plantvisor Enhanced

CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request.

7.8
2016-01-30 CVE-2016-1303 Cisco Improper Input Validation vulnerability in Cisco 500 Series Switch Firmware 1.2.0.92

The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.

7.8
2016-01-29 CVE-2015-8773 Mcafee Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mcafee File Lock 5.0

Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl call.

7.8
2016-01-29 CVE-2016-1882 Freebsd Data Processing Errors vulnerability in Freebsd 10.1/10.2/9.3

FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options.

7.8
2016-01-29 CVE-2016-1879 Freebsd Denial of Service vulnerability in Freebsd 10.1/10.2/9.3

The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.

7.8
2016-01-27 CVE-2015-6421 Cisco Resource Management Errors vulnerability in Cisco Wide Area Application Services

cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330.

7.8
2016-01-29 CVE-2016-1493 Intel Insufficient Verification of Data Authenticity vulnerability in Intel Driver Update Utility

Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.

7.6
2016-01-25 CVE-2016-2052 Harfbuzz Project
Google
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.
7.6
2016-01-25 CVE-2016-1619 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome

Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.

7.6
2016-01-25 CVE-2016-1613 Google Unspecified vulnerability in Google Chrome

Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.

7.6
2016-01-25 CVE-2016-1612 Google Improper Input Validation vulnerability in Google Chrome

The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.

7.6
2016-01-29 CVE-2016-0738 Openstack Resource Management Errors vulnerability in Openstack Swift

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

7.5
2016-01-29 CVE-2016-0737 Openstack Resource Management Errors vulnerability in Openstack Swift

OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

7.5
2016-01-29 CVE-2015-7521 Apache Improper Authentication vulnerability in Apache Hive

The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.

7.5
2016-01-27 CVE-2015-8618 Opensuse
Golang
Information Exposure vulnerability in multiple products

The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.

7.5
2016-01-26 CVE-2016-1233 Debian Permissions, Privileges, and Access Controls vulnerability in Debian Fuse 2.9.314

An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.

7.2
2016-01-26 CVE-2016-0869 Microsys Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsys Promotic 8.0.10/8.3.10

Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document.

7.1

51 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-01-30 CVE-2016-1139 Kddi Cross-Site Request Forgery (CSRF) vulnerability in Kddi Home Spot Cube Firmware 2.0

Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2016-01-26 CVE-2016-1567 Tuxfamily 7PK - Security Features vulnerability in Tuxfamily Chrony

chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

6.8
2016-01-26 CVE-2015-8379 Cakephp Cross-Site Request Forgery (CSRF) vulnerability in Cakephp

CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.

6.8
2016-01-30 CVE-2016-1141 Kddi OS Command Injection vulnerability in Kddi Home Spot Cube Firmware 2.0

KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.

6.5
2016-01-25 CVE-2016-1618 Google Information Exposure vulnerability in Google Chrome

Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

6.5
2016-01-25 CVE-2016-1615 Google 7PK - Security Features vulnerability in Google Chrome

The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.

6.5
2016-01-31 CVE-2016-1938 Opensuse
Mozilla
Cryptographic Issues vulnerability in multiple products

The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.

6.4
2016-01-29 CVE-2015-8770 Roundcube Path Traversal vulnerability in Roundcube Webmail

Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a ..

6.0
2016-01-30 CVE-2016-1137 Kddi Unspecified vulnerability in Kddi Home Spot Cube Firmware 2.0

Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8
2016-01-26 CVE-2016-1491 Lenovo Credentials Management vulnerability in Lenovo Shareit 2.5.1.1

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.

5.4
2016-01-31 CVE-2016-1940 Google
Mozilla
Code vulnerability in multiple products

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.

5.0
2016-01-31 CVE-2016-1939 Opensuse
Mozilla
Information Exposure vulnerability in multiple products

Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.

5.0
2016-01-29 CVE-2016-0756 Prosody Improper Input Validation vulnerability in Prosody

The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix.

5.0
2016-01-29 CVE-2016-0755 Haxx
Canonical
Debian
Improper Authentication vulnerability in multiple products

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.

5.0
2016-01-29 CVE-2016-0754 Haxx
Microsoft
Improper Input Validation vulnerability in Haxx Curl

cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.

5.0
2016-01-29 CVE-2015-8792 Matroska
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.

5.0
2016-01-29 CVE-2015-7464 IBM Denial of Service vulnerability in IBM Jazz Reporting Service

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder server outage) via a crafted request to a Report Builder instance URL.

5.0
2016-01-27 CVE-2016-1299 Cisco Resource Management Errors vulnerability in Cisco 300 Series Managed Switch Firmware 1.4.1

The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174.

5.0
2016-01-27 CVE-2016-1983 Privoxy Improper Input Validation vulnerability in Privoxy

The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.

5.0
2016-01-27 CVE-2016-1982 Privoxy Improper Input Validation vulnerability in Privoxy

The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.

5.0
2016-01-27 CVE-2015-7487 IBM Information Exposure vulnerability in IBM products

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.

4.9
2016-01-31 CVE-2016-1948 Google
Mozilla
Cryptographic Issues vulnerability in multiple products

Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream.

4.3
2016-01-31 CVE-2016-1947 Canonical
Opensuse
Mozilla
Data Processing Errors vulnerability in multiple products

Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.

4.3
2016-01-31 CVE-2016-1943 Opensuse
Mozilla
Google
Code vulnerability in multiple products

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.

4.3
2016-01-31 CVE-2016-1942 Opensuse
Mozilla
Improper Input Validation vulnerability in multiple products

Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.

4.3
2016-01-31 CVE-2016-1941 Apple
Mozilla
Cross-site Scripting vulnerability in multiple products

The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.

4.3
2016-01-31 CVE-2016-1937 Mozilla
Opensuse
Cross-site Scripting vulnerability in multiple products

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.

4.3
2016-01-31 CVE-2016-1933 Opensuse
Mozilla
Numeric Errors vulnerability in multiple products

Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.

4.3
2016-01-30 CVE-2016-1143 Vine MV Project Cross-site Scripting vulnerability in Vine MV Project Vine MV 20150909

Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2016-01-30 CVE-2016-1140 Kddi 7PK - Security Features vulnerability in Kddi Home Spot Cube Firmware 2.0

KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.

4.3
2016-01-30 CVE-2016-1138 Kddi Unspecified vulnerability in Kddi Home Spot Cube Firmware 2.0

CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.

4.3
2016-01-30 CVE-2016-1488 Siemens Cross-site Scripting vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware

Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2016-01-30 CVE-2016-1304 Cisco Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009)

Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596.

4.3
2016-01-29 CVE-2015-8793 Roundcube Cross-site Scripting vulnerability in Roundcube Webmail

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937.

4.3
2016-01-29 CVE-2015-8791 Matroska Information Exposure vulnerability in Matroska Libebml 1.3.2

The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access.

4.3
2016-01-29 CVE-2015-8790 Matroska Information Exposure vulnerability in Matroska Libebml 1.3.2

The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.

4.3
2016-01-27 CVE-2016-1300 Cisco Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009)

Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582.

4.3
2016-01-27 CVE-2016-2047 Mariadb
Oracle
Opensuse
Redhat
Debian
Canonical
7PK - Security Features vulnerability in multiple products

The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."

4.3
2016-01-27 CVE-2016-1924 Uclouvain Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Uclouvain Openjpeg

The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

4.3
2016-01-27 CVE-2016-1923 Uclouvain Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Uclouvain Openjpeg 2.1.0

Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

4.3
2016-01-27 CVE-2016-0209 IBM Cross-site Scripting vulnerability in IBM Websphere Portal 8.5.0.0

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2016-01-27 CVE-2015-7439 IBM Cross-site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 through 9.5, and Rational Software Architect RealTime (RSART) 8.5 through 9.5, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2016-01-26 CVE-2016-1926 Greenbone
Fedoraproject
Cross-site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp.

4.3
2016-01-26 CVE-2016-1489 Lenovo Information Exposure vulnerability in Lenovo Shareit 2.5.1.1/3.0.18Ww

Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.

4.3
2016-01-26 CVE-2016-1298 Cisco Cross-site Scripting vulnerability in Cisco Unified Contact Center Express

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033.

4.3
2016-01-26 CVE-2015-6337 Cisco Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.0.10/1.0Ga

Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238.

4.3
2016-01-25 CVE-2016-1617 Google Information Exposure vulnerability in Google Chrome

The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.

4.3
2016-01-25 CVE-2016-1616 Google 7PK - Security Features vulnerability in Google Chrome

The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.

4.3
2016-01-25 CVE-2016-1614 Google Information Exposure vulnerability in Google Chrome

The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

4.3
2016-01-29 CVE-2015-8794 Roundcube Path Traversal vulnerability in Roundcube Webmail 1.1.0/1.1.1

Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.

4.0
2016-01-26 CVE-2015-7974 NTP
Siemens
Netapp
Debian
Improper Authentication vulnerability in multiple products

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-01-30 CVE-2016-1144 Websquare Cross-site Scripting vulnerability in Websquare Job-Cube

Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2016-01-30 CVE-2016-1136 Kddi Cross-site Scripting vulnerability in Kddi Home Spot Cube Firmware 2.0

Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2016-01-26 CVE-2016-1492 Lenovo Improper Access Control vulnerability in Lenovo Shareit 3.0.18Ww

The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.

2.9
2016-01-26 CVE-2016-1490 Lenovo Information Exposure vulnerability in Lenovo Shareit 2.5.1.1

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.

2.7
2016-01-27 CVE-2015-7488 IBM Information Exposure vulnerability in IBM Spectrum Scale

IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.

2.1