Weekly Vulnerabilities Reports > February 15 to 21, 2016

Overview

103 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 5 high severity vulnerabilities. This weekly summary report vulnerabilities in 107 products from 39 vendors including IBM, Cybozu, Opensuse, Debian, and Fedoraproject. Vulnerabilities are notably categorized as "Cross-site Scripting", "Information Exposure", "Permissions, Privileges, and Access Controls", "Improper Input Validation", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 96 reported vulnerabilities are remotely exploitables.
  • 8 reported vulnerabilities have public exploit available.
  • 34 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 77 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 18 reported vulnerabilities.
  • Canonical has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-21 CVE-2016-1629 Google
Novell
Opensuse
Debian
Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.

10.0
2016-02-21 CVE-2015-7425 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.

10.0
2016-02-21 CVE-2016-2275 Advantech Improper Access Control vulnerability in Advantech Vesp211-232 Firmware and Vesp211-Eu Firmware

The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code.

10.0
2016-02-18 CVE-2015-8286 Zhuhai 7PK - Security Features vulnerability in Zhuhai Raysharp Firmware

Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000.

10.0
2016-02-17 CVE-2016-2397 Sonicwall Command Injection vulnerability in Sonicwall products

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.

10.0
2016-02-17 CVE-2016-2071 Citrix Permissions, Privileges, and Access Controls vulnerability in Citrix Netscaler 10.5/10.5E/11.0

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.

10.0
2016-02-18 CVE-2016-0069 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068.

9.3
2016-02-18 CVE-2016-0068 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069.

9.3
2016-02-18 CVE-2016-0795 Libreoffice
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.

9.3
2016-02-18 CVE-2016-0794 Libreoffice
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document.

9.3
2016-02-17 CVE-2016-2396 Sonicwall Command Injection vulnerability in Sonicwall products

The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.

9.0
2016-02-17 CVE-2016-0766 Postgresql
Canonical
Debian
Permissions, Privileges, and Access Controls vulnerability in multiple products

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.

9.0
2016-02-15 CVE-2016-2231 Huawei Data Processing Errors vulnerability in Huawei Mt882 Firmware

The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified other impact via crafted traffic on TCP port 8701.

9.0

5 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-16 CVE-2016-2389 SAP Path Traversal vulnerability in SAP Netweaver 7.40

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a ..

7.8
2016-02-19 CVE-2016-1154 Cuore SQL Injection vulnerability in Cuore Ec-Cube Help Plugin

SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2016-02-16 CVE-2016-2386 SAP SQL Injection vulnerability in SAP Netweaver 7.40

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.

7.5
2016-02-15 CVE-2016-0746 F5
Canonical
Debian
Opensuse
Apple
Use After Free vulnerability in multiple products

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.

7.5
2016-02-19 CVE-2016-1335 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco ASR 5000 Series Software

The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492.

7.1

69 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-21 CVE-2016-1628 Google
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome

pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.

6.8
2016-02-18 CVE-2015-7547 Debian
Canonical
HP
Sophos
Suse
Opensuse
Oracle
F5
Redhat
GNU
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

6.8
2016-02-17 CVE-2016-1333 Cisco Resource Management Errors vulnerability in Cisco IOS 15.5(3)M/15.6(1)T0A

Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers allows remote authenticated users to cause a denial of service (device reload) via an SNMP request for unspecified BRIDGE MIB OIDs, aka Bug ID CSCux89878.

6.8
2016-02-17 CVE-2016-1153 Cybozu Improper Input Validation vulnerability in Cybozu Office 10.3.0/9.9.0

customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489.

6.8
2016-02-17 CVE-2016-1151 Cybozu Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Office

Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.

6.8
2016-02-17 CVE-2015-8489 Cybozu Improper Input Validation vulnerability in Cybozu Office

customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153.

6.8
2016-02-15 CVE-2015-5050 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Contract Management

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.8
2016-02-19 CVE-2015-7769 Basercms OS Command Injection vulnerability in Basercms

baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.

6.5
2016-02-15 CVE-2015-4956 IBM OS Command Injection vulnerability in IBM Qradar Security Information and Event Manager 7.1.0

The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors.

6.5
2016-02-15 CVE-2015-7472 IBM LDAP Injection vulnerability in IBM Webshphere Portal

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors.

6.4
2016-02-18 CVE-2015-8150 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Encryption Management Server 3.3.2

Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file.

6.3
2016-02-15 CVE-2016-2314 Huawei Code vulnerability in Huawei Mt882 Firmware V200R002B022Arg

GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands.

6.3
2016-02-15 CVE-2016-1330 Cisco Resource Management Errors vulnerability in Cisco IOS 15.2(4)E

Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote attackers to cause a denial of service (device reload) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuy27746.

6.1
2016-02-18 CVE-2015-8151 Symantec OS Command Injection vulnerability in Symantec Encryption Management Server 3.3.2

Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access.

5.8
2016-02-17 CVE-2015-8483 Cybozu Open Redirection vulnerability in Cybozu Office

Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

5.8
2016-02-17 CVE-2016-1152 Cybozu Permissions, Privileges, and Access Controls vulnerability in Cybozu Office

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.

5.5
2016-02-17 CVE-2015-8486 Cybozu Permissions, Privileges, and Access Controls vulnerability in Cybozu Office

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152.

5.5
2016-02-17 CVE-2015-8485 Cybozu Permissions, Privileges, and Access Controls vulnerability in Cybozu Office

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152.

5.5
2016-02-17 CVE-2015-8484 Cybozu Permissions, Privileges, and Access Controls vulnerability in Cybozu Office

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152.

5.5
2016-02-20 CVE-2016-2044 Fedoraproject
Phpmyadmin
Information Exposure vulnerability in multiple products

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

5.0
2016-02-20 CVE-2016-2042 Opensuse
Fedoraproject
Phpmyadmin
Information Exposure vulnerability in multiple products

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.

5.0
2016-02-20 CVE-2016-2041 Fedoraproject
Phpmyadmin
Opensuse
7PK - Security Features vulnerability in multiple products

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.

5.0
2016-02-20 CVE-2016-2039 Opensuse
Phpmyadmin
Fedoraproject
Information Exposure vulnerability in multiple products

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

5.0
2016-02-20 CVE-2016-2038 Phpmyadmin
Fedoraproject
Opensuse
Information Exposure vulnerability in multiple products

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

5.0
2016-02-20 CVE-2016-1927 Phpmyadmin Credentials Management vulnerability in PHPmyadmin

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.

5.0
2016-02-18 CVE-2015-8149 Symantec Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Symantec Encryption Management Server 3.3.2

The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests.

5.0
2016-02-18 CVE-2015-8148 Symantec Information Exposure vulnerability in Symantec Encryption Management Server 3.3.2

The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request.

5.0
2016-02-18 CVE-2015-5970 Novell Code Injection vulnerability in Novell Zenworks Configuration Management

The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference.

5.0
2016-02-18 CVE-2015-8287 Swann Authentication Bypass vulnerability in Swann SRNVW-470

Swann SRNVW-470LCD devices with firmware through 0114 and SWNVW-470CAM devices with firmware through 1022 allow remote attackers to watch live video by visiting an unspecified URL.

5.0
2016-02-17 CVE-2016-1334 Cisco Improper Input Validation vulnerability in Cisco Small Business Wireless Access Points Firmware 1.0.4.4

Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457.

5.0
2016-02-17 CVE-2016-0773 Postgresql
Canonical
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.

5.0
2016-02-16 CVE-2016-2388 SAP Information Exposure vulnerability in SAP Netweaver Application Server Java

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.

5.0
2016-02-16 CVE-2016-0753 Rubyonrails Improper Input Validation vulnerability in Rubyonrails Rails and Ruby ON Rails

Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.

5.0
2016-02-16 CVE-2016-0752 Rubyonrails Path Traversal vulnerability in Rubyonrails Rails and Ruby ON Rails

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a ..

5.0
2016-02-16 CVE-2016-0751 Rubyonrails Resource Management Errors vulnerability in Rubyonrails Rails and Ruby ON Rails

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.

5.0
2016-02-16 CVE-2015-7581 Rubyonrails Resource Management Errors vulnerability in Rubyonrails Rails

actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route.

5.0
2016-02-16 CVE-2015-7577 Rubyonrails Improper Access Control vulnerability in Rubyonrails Rails and Ruby ON Rails

activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.

5.0
2016-02-15 CVE-2016-1321 Cisco Information Exposure vulnerability in Cisco Universal Small Cell Firmware

Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.

5.0
2016-02-15 CVE-2016-0747 F5
Canonical
Debian
Opensuse
Apple
Resource Exhaustion vulnerability in multiple products

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

5.0
2016-02-15 CVE-2016-0742 F5
Canonical
Debian
Opensuse
Apple
Redhat
NULL Pointer Dereference vulnerability in multiple products

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

5.0
2016-02-15 CVE-2015-7444 IBM Information Exposure vulnerability in IBM Websphere Commerce 7.0.0.8/7.0.0.9

The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vectors.

5.0
2016-02-15 CVE-2015-5042 IBM Improper Input Validation vulnerability in IBM Emptoris Contract Management

IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file.

5.0
2016-02-15 CVE-2015-5012 IBM Cryptographic Issues vulnerability in IBM products

The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

5.0
2016-02-15 CVE-2015-5010 IBM 7PK - Security Features vulnerability in IBM products

IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

5.0
2016-02-15 CVE-2015-2005 IBM Information Exposure vulnerability in IBM Qradar Security Information and Event Manager

IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.5 Patch 6 does not properly expire sessions, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

5.0
2016-02-19 CVE-2016-2270 Debian
Fedoraproject
XEN
Oracle
Improper Input Validation vulnerability in multiple products

Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.

4.6
2016-02-17 CVE-2016-2072 Citrix 7PK - Security Features vulnerability in Citrix Netscaler

The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

4.3
2016-02-17 CVE-2016-2046 Sophos Cross-site Scripting vulnerability in Sophos Unified Threat Management Software

Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

4.3
2016-02-17 CVE-2013-7447 Canonical
GTK
Integer Overflow vulnerability in GTK+

Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.

4.3
2016-02-17 CVE-2016-1150 Cybozu Cross-site Scripting vulnerability in Cybozu Office

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149.

4.3
2016-02-17 CVE-2016-1149 Cybozu Cross-site Scripting vulnerability in Cybozu Office

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.

4.3
2016-02-17 CVE-2015-8488 Cybozu Information Exposure vulnerability in Cybozu Office 10.3.0

Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.

4.3
2016-02-17 CVE-2015-7798 Cybozu Cross-site Scripting vulnerability in Cybozu Office

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150.

4.3
2016-02-17 CVE-2015-7797 Cybozu Cross-site Scripting vulnerability in Cybozu Office

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.

4.3
2016-02-17 CVE-2015-7796 Cybozu Cross-site Scripting vulnerability in Cybozu Office

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.

4.3
2016-02-17 CVE-2015-7795 Cybozu Cross-site Scripting vulnerability in Cybozu Office

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.

4.3
2016-02-16 CVE-2016-2387 SAP Cross-site Scripting vulnerability in SAP Netweaver 7.40

Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571.

4.3
2016-02-16 CVE-2015-7580 Rubyonrails Cross-site Scripting vulnerability in Rubyonrails Html Sanitizer 1.0.0/1.0.1/1.0.2

Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.

4.3
2016-02-16 CVE-2015-7579 Rubyonrails Cross-site Scripting vulnerability in Rubyonrails Html Sanitizer 1.0.0/1.0.1/1.0.2

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.

4.3
2016-02-16 CVE-2015-7578 Rubyonrails Cross-site Scripting vulnerability in Rubyonrails Html Sanitizer 1.0.0/1.0.1/1.0.2

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.

4.3
2016-02-16 CVE-2015-7576 Rubyonrails 7PK - Security Features vulnerability in Rubyonrails Rails and Ruby ON Rails

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.

4.3
2016-02-15 CVE-2016-1331 Cisco Cross-site Scripting vulnerability in Cisco Emergency Responder 11.5(0.99833.5)

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy10766.

4.3
2016-02-15 CVE-2015-8797 Apache Cross-site Scripting vulnerability in Apache Solr

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.

4.3
2016-02-15 CVE-2015-8796 Apache Cross-site Scripting vulnerability in Apache Solr

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.

4.3
2016-02-15 CVE-2015-8795 Apache Cross-site Scripting vulnerability in Apache Solr

Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.

4.3
2016-02-15 CVE-2015-8531 IBM Cross-site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2016-02-15 CVE-2015-3197 Oracle
Openssl
Information Exposure vulnerability in multiple products

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

4.3
2016-02-15 CVE-2016-0232 IBM Information Exposure vulnerability in IBM Financial Transaction Manager

IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files.

4.0
2016-02-15 CVE-2016-0231 IBM Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.0.0

IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading exception details in error logs.

4.0

16 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-20 CVE-2016-2045 Phpmyadmin
Fedoraproject
Cross-site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.

3.5
2016-02-20 CVE-2016-2043 Fedoraproject
Opensuse
Phpmyadmin
Cross-site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.

3.5
2016-02-20 CVE-2016-2040 Fedoraproject
Opensuse
Phpmyadmin
Cross-site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.

3.5
2016-02-19 CVE-2016-1156 Apple
Linecorp
Microsoft
Improper Input Validation vulnerability in Linecorp Line 4.3.0.724/4.3.1

LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline.

3.5
2016-02-15 CVE-2015-7492 IBM Cross-site Scripting vulnerability in IBM Infosphere Master Data Management Reference Data Management

Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2016-02-15 CVE-2015-7398 IBM Cross-site Scripting vulnerability in IBM Emptoris Contract Management

Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2016-02-15 CVE-2015-4957 IBM Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.1.0

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2016-02-15 CVE-2015-2008 IBM Improper Access Control vulnerability in IBM Qradar Security Information and Event Manager

IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive.

3.5
2016-02-17 CVE-2016-2398 Comcast 7PK - Security Features vulnerability in Comcast Xfinity Home Security System

Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions.

3.3
2016-02-18 CVE-2016-2509 Belden Information Exposure vulnerability in Belden Hirschmann Firmware and Hirschmann L2B

The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.

2.9
2016-02-18 CVE-2016-1987 HP Improper Input Validation vulnerability in HP Hp-Ux Ipfilter A.11.31.18.21

HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets.

2.6
2016-02-17 CVE-2015-8487 Cybozu Information Exposure vulnerability in Cybozu Office

Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.

2.6
2016-02-15 CVE-2016-0701 Openssl Information Exposure vulnerability in Openssl

The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.

2.6
2016-02-15 CVE-2015-7408 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager

The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.

2.6
2016-02-19 CVE-2016-2271 XEN Denial of Service vulnerability in XEN 4.6.0/4.6.1

VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.

2.1
2016-02-15 CVE-2015-4991 IBM Information Exposure vulnerability in IBM Spss Modeler

IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows local users to obtain sensitive information by reading a dump file.

2.1