Weekly Vulnerabilities Reports > March 28 to April 3, 2016

Overview

22 new vulnerabilities were reported during this period, including 3 critical and 9 high severity vulnerabilities. This weekly summary reports vulnerabilities in 25 products from 18 vendors including Google, Debian, Opensuse, Canonical, and Apple. The vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Access Control", "Cross-Site Request Forgery (CSRF)", "Permissions, Privileges, and Access Controls", and "Information Exposure".

  • 19 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 4 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 21 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:


3 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2016-04-01 | CVE-2016-2343 | Patterson Dental | Hard Coded Credentials Authentication Bypass vulnerability in Patterson Dental Eaglesoft 17.0 | 10.0
    Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements.

2016-03-31 | CVE-2016-3141 | Apple, PHP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | 9.8
    Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.

2016-03-29 | CVE-2016-3679 | Google, Canonical, Opensuse | Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 9.3

9 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2016-03-29 | CVE-2016-1650 | Opensuse, Debian, Google | The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document. | 8.8

2016-03-29 | CVE-2016-1649 | Debian, Canonical, Opensuse, Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | 8.8
    The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.

2016-03-29 | CVE-2016-1648 | Google, Opensuse, Debian | Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. | 8.8

2016-03-29 | CVE-2016-1647 | Google, Canonical, Debian, Opensuse | Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 8.8

2016-03-29 | CVE-2016-1646 | Debian, Canonical, Opensuse, Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | 8.8
    The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.

2016-03-31 | CVE-2016-3142 | PHP, Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | 8.2
    The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.

2016-03-28 | CVE-2016-2344 | Autodesk | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autodesk Backburner 2016.0.0.2150 | 7.8
    Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command.

2016-03-28 | CVE-2014-9769 | Pcre | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pcre 8.35 | 7.5
    pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.

2016-03-29 | CVE-2016-2288 | Cogentdatahub | Permissions, Privileges, and Access Controls vulnerability in Cogentdatahub Cogent Datahub | 7.2
    Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.

8 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2016-03-28 | CVE-2016-0226 | IBM, Microsoft | Improper Access Control vulnerability in IBM Informix Dynamic Server 11.70.Xcn | 6.9
    The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.

2016-04-01 | CVE-2016-1168 | Aterm | Cross-Site Request Forgery (CSRF) vulnerability in Aterm Wf800Hp Firmware 1.0.17 | 6.8
    Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users.

2016-04-01 | CVE-2016-1167 | Aterm | Cross-Site Request Forgery (CSRF) vulnerability in Aterm Wg300Hp Firmware 1.0.8 | 6.8
    Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users.

2016-03-30 | CVE-2015-8837 | Fuseiso Project, Debian, Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | 6.8
    Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file.

2016-03-30 | CVE-2015-8836 | Fedoraproject, Fuseiso Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | 6.8
    Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow.

2016-04-01 | CVE-2016-2289 | Iconics | Path Traversal vulnerability in Iconics Webhmi 9.0 | 5.0
    Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors.

2016-04-01 | CVE-2016-0793 | Redhat, Microsoft | Information Exposure vulnerability in Redhat Jboss Wildfly Application Server 10.0.0 | 5.0
    Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters.

2016-04-01 | CVE-2016-1345 | Cisco | Improper Input Validation vulnerability in Cisco products | 5.0
    Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.

2 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2016-03-28 | CVE-2016-1314 | Cisco | Cross-site Scripting vulnerability in Cisco Unified Communications Domain Manager 8.1(.1) | 3.5
    Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760.

2016-03-29 | CVE-2016-1760 | Apple | Improper Access Control vulnerability in Apple Iphone OS | 2.1
    The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app.