Weekly Vulnerabilities Reports > June 20 to 26, 2016
Overview
47 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary report vulnerabilities in 91 products from 24 vendors including Cisco, IBM, Cybozu, Collne, and Huawei. Vulnerabilities are notably categorized as "Information Exposure", "Improper Access Control", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Cross-site Scripting".
- 36 reported vulnerabilities are remotely exploitables.
- 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 37 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2016-06-20 | CVE-2016-2362 | Fonality | Unspecified vulnerability in Fonality 12.6/12.8/14.1I Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection. | 10.0 |
| 2016-06-20 | CVE-2016-2177 | HP Openssl Oracle | Integer Overflow or Wraparound vulnerability in multiple products OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. | 9.8 |
8 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2016-06-25 | CVE-2016-4823 | Corega | Denial of Service vulnerability in CG-WLBARAGM Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors. | 7.8 |
| 2016-06-26 | CVE-2015-7988 | Apple | NULL Pointer Dereference Remote Code Execution vulnerability in mDNSResponder The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. | 7.5 |
| 2016-06-25 | CVE-2016-4519 | Unitronics | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unitronics Visilogic Oplc IDE 9.8.0.00 Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file. | 7.5 |
| 2016-06-24 | CVE-2016-5722 | Huawei | Information Exposure vulnerability in Huawei Ocean Stor Firmware Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network. | 7.5 |
| 2016-06-23 | CVE-2015-6289 | Cisco | Resource Management Errors vulnerability in Cisco IOS 15.5(3)M Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476. | 7.5 |
| 2016-06-24 | CVE-2016-5723 | Huawei | Permissions, Privileges, and Access Controls vulnerability in Huawei Fusioninsight HD V100R002C30/V100R002C50 Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors. | 7.2 |
| 2016-06-20 | CVE-2016-2363 | Fonality | Permissions, Privileges, and Access Controls vulnerability in Fonality 12.6/12.8/14.1I Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account. | 7.2 |
| 2016-06-24 | CVE-2016-5435 | Huawei | Resource Management Errors vulnerability in Huawei Firmware V5500R001C00 Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet. | 7.1 |
32 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2016-06-24 | CVE-2016-4802 | Haxx | Permissions, Privileges, and Access Controls vulnerability in Haxx Curl Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. | 6.9 |
| 2016-06-26 | CVE-2016-0301 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279. | 6.8 |
| 2016-06-26 | CVE-2016-0279 | IBM | Improper Access Control vulnerability in IBM Domino Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301. | 6.8 |
| 2016-06-26 | CVE-2016-0278 | IBM | Improper Access Control vulnerability in IBM Domino Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301. | 6.8 |
| 2016-06-26 | CVE-2016-0277 | IBM | Improper Access Control vulnerability in IBM Domino Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301. | 6.8 |
| 2016-06-26 | CVE-2016-2901 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM web Content Manager and Websphere Portal Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.8 |
| 2016-06-26 | CVE-2015-7987 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function. | 6.8 |
| 2016-06-25 | CVE-2016-4825 | Collne | Improper Input Validation vulnerability in Collne Welcart E-Commerce The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. | 6.8 |
| 2016-06-23 | CVE-2016-1428 | Cisco | Denial of Service vulnerability in Cisco IOS XE 3.15.0S/3.16.0S/3.17.0S Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174. | 6.8 |
| 2016-06-23 | CVE-2016-0914 | EMC | Improper Access Control vulnerability in EMC products EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface. | 6.5 |
| 2016-06-25 | CVE-2016-4828 | Collne | Data Processing Errors vulnerability in Collne Welcart E-Commerce The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. | 6.4 |
| 2016-06-23 | CVE-2016-1435 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1) Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. | 6.2 |
| 2016-06-25 | CVE-2016-1189 | Cybozu | Unspecified vulnerability in Cybozu Garoon Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. | 5.5 |
| 2016-06-20 | CVE-2016-2178 | Openssl Oracle Suse Nodejs Debian Canonical | Information Exposure Through Discrepancy vulnerability in multiple products The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | 5.5 |
| 2016-06-25 | CVE-2016-4822 | Corega | Command Injection vulnerability in Corega Cg-Wlbargnl Firmware Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors. | 5.2 |
| 2016-06-25 | CVE-2016-4824 | Corega | 7PK - Security Features vulnerability in Corega Cg-Wlr300Gnv-W Firmware and Cg-Wlr300Gnv Firmware The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack. | 5.0 |
| 2016-06-25 | CVE-2016-1193 | Cybozu | Information Exposure vulnerability in Cybozu Garoon Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. | 5.0 |
| 2016-06-23 | CVE-2016-1438 | Cisco | Improper Input Validation vulnerability in Cisco Asyncos 9.7.0125 Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210. | 5.0 |
| 2016-06-23 | CVE-2016-1436 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 5000 Software The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198. | 5.0 |
| 2016-06-20 | CVE-2016-2364 | Fonality | Unspecified vulnerability in Fonality and HUD web The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 5.0 |
| 2016-06-26 | CVE-2016-4513 | Schneider Electric | Cross-site Scripting vulnerability in Schneider-Electric Powerlogic Pm8Ecc Firmware Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2016-06-25 | CVE-2016-4827 | Collne | Cross-site Scripting vulnerability in Collne Welcart E-Commerce Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826. | 4.3 |
| 2016-06-25 | CVE-2016-4826 | Collne | Cross-site Scripting vulnerability in Collne Welcart E-Commerce Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827. | 4.3 |
| 2016-06-25 | CVE-2016-4528 | Advantech | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. | 4.3 |
| 2016-06-23 | CVE-2016-1439 | Cisco | Cross-site Scripting vulnerability in Cisco Unified Contact Center Enterprise Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650. | 4.3 |
| 2016-06-20 | CVE-2015-8289 | Netgear | Information Exposure vulnerability in Netgear D3600 Firmware and D6000 Firmware The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code. | 4.3 |
| 2016-06-20 | CVE-2015-8288 | Netgear | Unspecified vulnerability in Netgear D3600 Firmware and D6000 Firmware NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 4.3 |
| 2016-06-25 | CVE-2016-1190 | Cybozu | Improper Access Control vulnerability in Cybozu Garoon Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. | 4.0 |
| 2016-06-25 | CVE-2016-1188 | Cybozu | Unspecified vulnerability in Cybozu Garoon Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. | 4.0 |
| 2016-06-24 | CVE-2016-5021 | F5 | Information Exposure vulnerability in F5 products The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors. | 4.0 |
| 2016-06-23 | CVE-2016-1437 | Cisco | SQL Injection vulnerability in Cisco Prime Collaboration Deployment SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549. | 4.0 |
| 2016-06-23 | CVE-2016-1434 | Cisco | Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1) The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. | 4.0 |
5 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2016-06-26 | CVE-2016-5087 | Alertus | Permissions, Privileges, and Access Controls vulnerability in Alertus Desktop Notification for OS X Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations. | 3.6 |
| 2016-06-25 | CVE-2016-4525 | Advantech | Unspecified vulnerability in Advantech Webaccess Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. | 3.3 |
| 2016-06-26 | CVE-2016-0259 | IBM | Information Exposure vulnerability in IBM Websphere MQ runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands. | 2.1 |
| 2016-06-26 | CVE-2015-7473 | IBM | Improper Access Control vulnerability in IBM Websphere MQ runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp. | 2.1 |
| 2016-06-24 | CVE-2016-5709 | Solarwinds | Information Exposure vulnerability in Solarwinds Virtualization Manager SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. | 1.9 |