Weekly Vulnerabilities Reports > April 25 to May 1, 2016

Overview

94 new vulnerabilities reported during this period, including 10 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary report vulnerabilities in 60 products from 29 vendors including Linux, Wireshark, Canonical, Mozilla, and Novell. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Improper Access Control", "Race Condition", and "7PK - Security Features".

  • 63 reported vulnerabilities are remotely exploitables.
  • 7 reported vulnerabilities have public exploit available.
  • 9 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 91 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 28 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

10 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-04-30 CVE-2016-2807 Mozilla
Opensuse
Suse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2016-04-30 CVE-2016-2806 Debian
Opensuse
Suse
Mozilla
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2016-04-30 CVE-2016-2805 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox ESR

Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2016-04-30 CVE-2016-2804 Mozilla Buffer Errors vulnerability in Mozilla Firefox and Firefox ESR

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2016-04-27 CVE-2015-8812 Novell
Linux
Local Privilege Escalation vulnerability in Linux Kernel

drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.

10.0
2016-04-26 CVE-2016-3082 Apache Improper Input Validation vulnerability in Apache Struts

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.

10.0
2016-04-26 CVE-2016-1601 Suse Credentials Management vulnerability in Suse Yast2

yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors.

10.0
2016-04-25 CVE-2016-2331 Systech Credentials Management vulnerability in Systech Syslink Sl-1000 Modular Gateway Firmware

The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors.

10.0
2016-04-26 CVE-2016-3081 Apache
Oracle
Command Injection vulnerability in multiple products

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.

9.3
2016-04-25 CVE-2016-2332 Systech Command Injection vulnerability in Systech Syslink Sl-1000 Modular Gateway Firmware

flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter.

9.0

7 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-04-26 CVE-2016-3074 Libgd
Debian
Numeric Errors vulnerability in multiple products

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.

7.5
2016-05-01 CVE-2015-8325 Debian
Openbsd
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.

7.2
2016-04-28 CVE-2016-4349 Cisco DLL Loading Local Code Execution vulnerability in Cisco Webex Productivity Tools 2.40.5001.10012

Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file in the current working directory, aka Bug ID CSCuy56140.

7.2
2016-04-27 CVE-2016-3135 Linux
Canonical
Local Memory Corruption and Integer Overflow vulnerability in Linux Kernel

Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

7.2
2016-04-27 CVE-2016-3134 Novell
Linux
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

7.2
2016-04-27 CVE-2015-8816 Novell
Linux
Denial of Service vulnerability in Linux Kernel 'usb/core/hub.c' NULL Pointer Dereference

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.

7.2
2016-04-25 CVE-2016-1202 Atom Remote Code Execution vulnerability in Atom Electron 0.33.4

Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line.

7.2

72 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-04-27 CVE-2016-2143 Linux
Debian
Improper Input Validation vulnerability in multiple products

The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.

6.9
2016-04-30 CVE-2016-2814 Mozilla Buffer Errors vulnerability in Mozilla Firefox and Firefox ESR

Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.

6.8
2016-04-30 CVE-2016-2811 Mozilla Unspecified vulnerability in Mozilla Firefox

Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.

6.8
2016-04-30 CVE-2016-1201 Lockon Cross-Site Request Forgery (CSRF) vulnerability in Lockon Ec-Cube

Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators.

6.8
2016-04-30 CVE-2016-1111 Adobe
Apple
Microsoft
Double Free Remote Code Execution vulnerability in Adobe Acrobat and Reader

Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary.

6.8
2016-04-26 CVE-2016-4002 Qemu
Fedoraproject
Canonical
Debian
Classic Buffer Overflow vulnerability in multiple products

Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.

6.8
2016-04-25 CVE-2016-2346 Allroundautomations Insufficient Verification of Data Authenticity vulnerability in Allroundautomations Pl/Sql Developer

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream.

6.8
2016-04-25 CVE-2016-4054 Canonical
Squid Cache
Oracle
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.

6.8
2016-04-25 CVE-2016-4052 Canonical
Squid Cache
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.

6.8
2016-04-25 CVE-2016-4051 Canonical
Oracle
Squid Cache
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.

6.8
2016-04-30 CVE-2016-1200 Lockon Improper Access Control vulnerability in Lockon Ec-Cube 3.0.7/3.0.8/3.0.9

The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199.

6.5
2016-04-30 CVE-2016-1343 Cisco XML External Entity Denial of Service vulnerability in Cisco Information Server 6.2Base

The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059.

6.4
2016-04-30 CVE-2016-2809 Microsoft
Mozilla
Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.

5.8
2016-04-25 CVE-2016-2113 Samba
Canonical
Cryptographic Issues vulnerability in multiple products

Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.

5.8
2016-04-27 CVE-2016-0774 Linux
Google
Improper Input Validation vulnerability in multiple products

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.

5.6
2016-04-30 CVE-2016-2812 Mozilla Race Condition vulnerability in Mozilla Firefox

Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.

5.1
2016-04-30 CVE-2016-2808 Mozilla Buffer Errors vulnerability in Mozilla Firefox and Firefox ESR

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.

5.1
2016-04-30 CVE-2016-1199 Lockon Information Exposure vulnerability in Lockon Ec-Cube

The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200.

5.0
2016-04-28 CVE-2016-1386 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.0.(1)

The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521.

5.0
2016-04-25 CVE-2016-2333 Systech Cryptographic Issues vulnerability in Systech Syslink Sl-1000 Modular Gateway Firmware

SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

5.0
2016-04-25 CVE-2015-8852 Varnish Cache
Debian
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.
5.0
2016-04-27 CVE-2016-3139 Novell
Linux
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
4.9
2016-04-27 CVE-2016-2847 Linux
Novell
Resource Management Errors vulnerability in Linux Kernel

fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.

4.9
2016-04-27 CVE-2016-2782 Novell
Linux
Null Pointer Dereference Local Denial of Service vulnerability in RETIRED: Linux Kernel

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.

4.9
2016-04-27 CVE-2016-2550 Linux Resource Management Errors vulnerability in Linux Kernel

The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it.

4.9
2016-04-27 CVE-2016-2548 Linux Improper Input Validation vulnerability in Linux Kernel

sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.

4.9
2016-04-27 CVE-2016-2543 Linux Null Pointer Deference Local Denial of Service vulnerability in Linux Kernel

The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call.

4.9
2016-04-27 CVE-2016-2384 Linux
Novell
Local Denial of Service vulnerability in Linux Kernel

Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.

4.9
2016-04-27 CVE-2016-2184 Linux
Canonical
Novell
Local Denial of Service vulnerability in Linux Kernel

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.

4.9
2016-04-27 CVE-2015-8845 Linux
Suse
Novell
Improper Access Control vulnerability in Linux Kernel

The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.

4.9
2016-04-27 CVE-2015-7515 Linux Local Denial of Service vulnerability in Linux Kernel

The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.

4.9
2016-04-27 CVE-2015-1339 Linux
Novell
Resource Management Errors vulnerability in Linux Kernel

Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.

4.9
2016-04-27 CVE-2016-2547 Linux Race Condition vulnerability in Linux Kernel

sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.

4.7
2016-04-27 CVE-2016-2546 Linux Race Condition vulnerability in Linux Kernel

sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.

4.7
2016-04-27 CVE-2016-2545 Linux Race Condition vulnerability in Linux Kernel

The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.

4.7
2016-04-27 CVE-2016-2544 Linux Race Condition vulnerability in Linux Kernel

Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.

4.7
2016-04-27 CVE-2015-8844 Linux Improper Input Validation vulnerability in Linux Kernel

The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.

4.7
2016-04-27 CVE-2016-3672 Canonical
Novell
Linux
7PK - Security Features vulnerability in multiple products

The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.

4.6
2016-04-27 CVE-2016-2069 Canonical
Linux
Race Condition vulnerability in multiple products

Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.

4.4
2016-05-01 CVE-2016-4421 Wireshark Improper Input Validation vulnerability in Wireshark

epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data.

4.3
2016-05-01 CVE-2016-4420 Wireshark Improper Input Validation vulnerability in Wireshark 2.0.0/2.0.1

The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2016-05-01 CVE-2016-4419 Wireshark Resource Management Errors vulnerability in Wireshark 2.0.0/2.0.1

epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.

4.3
2016-05-01 CVE-2016-4418 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set.

4.3
2016-05-01 CVE-2016-4417 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value.

4.3
2016-05-01 CVE-2016-4416 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark 2.0.0/2.0.1

epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

4.3
2016-05-01 CVE-2016-4415 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark 2.0.0/2.0.1

wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.

4.3
2016-04-30 CVE-2016-2820 Mozilla Improper Access Control vulnerability in Mozilla Firefox

The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.

4.3
2016-04-30 CVE-2016-2817 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL.

4.3
2016-04-30 CVE-2016-2816 Mozilla Improper Access Control vulnerability in Mozilla Firefox

Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.

4.3
2016-04-30 CVE-2016-2813 Google
Mozilla
Information Exposure vulnerability in Mozilla Firefox

Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780.

4.3
2016-04-30 CVE-2016-2810 Google
Mozilla
Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password.

4.3
2016-04-28 CVE-2016-1389 Cisco Open Redirection vulnerability in Cisco Webex Meetings Server 2.6.0

Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695.

4.3
2016-04-28 CVE-2016-1205 Shiro8 Cross-Site Scripting vulnerability in Shiro8 products

Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_ addition_plugin plugin 1.0 and (2) itemdetail_freearea_ addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2016-04-25 CVE-2016-4053 Squid Cache
Oracle
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.

4.3
2016-04-25 CVE-2016-4085 Oracle
Debian
Wireshark
Improper Input Validation vulnerability in multiple products

Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.

4.3
2016-04-25 CVE-2016-4084 Wireshark Unspecified vulnerability in Wireshark 2.0.0/2.0.1/2.0.2

Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size.

4.3
2016-04-25 CVE-2016-4083 Wireshark Improper Input Validation vulnerability in Wireshark 2.0.0/2.0.1/2.0.2

epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2016-04-25 CVE-2016-4082 Wireshark
Debian
Oracle
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.

4.3
2016-04-25 CVE-2016-4081 Wireshark Improper Access Control vulnerability in Wireshark

epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

4.3
2016-04-25 CVE-2016-4080 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

4.3
2016-04-25 CVE-2016-4079 Debian
Oracle
Wireshark
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.

4.3
2016-04-25 CVE-2016-4078 Wireshark Improper Input Validation vulnerability in Wireshark

The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.

4.3
2016-04-25 CVE-2016-4077 Wireshark Unspecified vulnerability in Wireshark 2.0.0/2.0.1/2.0.2

epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.

4.3
2016-04-25 CVE-2016-4076 Wireshark Improper Access Control vulnerability in Wireshark 2.0.0/2.0.1/2.0.2

epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2016-04-25 CVE-2016-4006 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.

4.3
2016-04-25 CVE-2016-2115 Canonical
Samba
7PK - Security Features vulnerability in multiple products

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.

4.3
2016-04-25 CVE-2016-2114 Samba
Canonical
7PK - Security Features vulnerability in multiple products

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.

4.3
2016-04-25 CVE-2016-2112 Samba
Canonical
7PK - Security Features vulnerability in multiple products

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

4.3
2016-04-25 CVE-2016-2111 Samba
Canonical
7PK - Security Features vulnerability in multiple products

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.

4.3
2016-04-25 CVE-2016-2110 Samba
Canonical
7PK - Security Features vulnerability in multiple products

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.

4.3
2016-04-25 CVE-2015-5370 Samba
Canonical
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.
4.3
2016-04-28 CVE-2016-0211 IBM Improper Input Validation vulnerability in IBM DB2 and DB2 Connect

IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-04-25 CVE-2016-1185 Cybozu Information Exposure vulnerability in Cybozu Kintone

The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.

2.6
2016-04-27 CVE-2016-3156 Novell
Canonical
Linux
Resource Management Errors vulnerability in multiple products

The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.

2.1
2016-04-27 CVE-2016-2549 Linux Improper Input Validation vulnerability in Linux Kernel

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.

2.1
2016-04-27 CVE-2016-2383 Linux Information Exposure vulnerability in Linux Kernel

The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.

2.1
2016-04-27 CVE-2016-2085 Linux Data Processing Errors vulnerability in Linux Kernel

The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack.

2.1