Weekly Vulnerabilities Reports > March 28 to April 3, 2016

Overview

22 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary report vulnerabilities in 31 products from 19 vendors including Google, Debian, Opensuse, Canonical, and Apple. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Access Control", "Cross-Site Request Forgery (CSRF)", "Permissions, Privileges, and Access Controls", and "Out-of-bounds Read".

  • 19 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 21 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-04-01 CVE-2016-2343 Patterson Dental Hard Coded Credentials Authentication Bypass vulnerability in Patterson Dental Eaglesoft 17.0

Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements.

10.0
2016-03-31 CVE-2016-3141 Apple
PHP
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.

9.8
2016-03-29 CVE-2016-3679 Google
Canonical
Opensuse
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
9.3

9 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-03-29 CVE-2016-1650 Opensuse
Debian
Google
The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document.
8.8
2016-03-29 CVE-2016-1649 Debian
Canonical
Opensuse
Google
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.

8.8
2016-03-29 CVE-2016-1648 Google
Opensuse
Debian
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.
8.8
2016-03-29 CVE-2016-1647 Google
Canonical
Debian
Opensuse
Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
8.8
2016-03-29 CVE-2016-1646 Debian
Canonical
Google
Opensuse
Suse
Redhat
Out-of-bounds Read vulnerability in multiple products

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.

8.8
2016-03-31 CVE-2016-3142 PHP
Apple
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.

8.2
2016-03-28 CVE-2016-2344 Autodesk Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autodesk Backburner 2016.0.0.2150

Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command.

7.8
2016-03-28 CVE-2014-9769 Pcre Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pcre 8.35

pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.

7.5
2016-03-29 CVE-2016-2288 Cogentdatahub Permissions, Privileges, and Access Controls vulnerability in Cogentdatahub Cogent Datahub

Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.

7.2

8 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-03-28 CVE-2016-0226 IBM
Microsoft
Improper Access Control vulnerability in IBM Informix Dynamic Server 11.70.Xcn

The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.

6.9
2016-04-01 CVE-2016-1168 Aterm Cross-Site Request Forgery (CSRF) vulnerability in Aterm Wf800Hp Firmware 1.0.17

Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users.

6.8
2016-04-01 CVE-2016-1167 Aterm Cross-Site Request Forgery (CSRF) vulnerability in Aterm Wg300Hp Firmware 1.0.8

Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users.

6.8
2016-03-30 CVE-2015-8837 Fuseiso Project
Debian
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file.

6.8
2016-03-30 CVE-2015-8836 Fedoraproject
Fuseiso Project
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow.

6.8
2016-04-01 CVE-2016-2289 Iconics Path Traversal vulnerability in Iconics Webhmi 9.0

Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors.

5.0
2016-04-01 CVE-2016-0793 Redhat
Microsoft
Information Exposure vulnerability in Redhat Jboss Wildfly Application Server 10.0.0

Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters.

5.0
2016-04-01 CVE-2016-1345 Cisco Improper Input Validation vulnerability in Cisco products

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.

5.0

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-03-28 CVE-2016-1314 Cisco Cross-site Scripting vulnerability in Cisco Unified Communications Domain Manager 8.1(.1)

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760.

3.5
2016-03-29 CVE-2016-1760 Apple Improper Access Control vulnerability in Apple Iphone OS

The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app.

2.1