Weekly Vulnerabilities Reports > August 15 to 21, 2016

Overview

23 new vulnerabilities reported during this period, including 5 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary report vulnerabilities in 34 products from 11 vendors including Theforeman, Cisco, Fortinet, Debian, and Apache. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "7PK - Security Features", and "Use After Free".

  • 22 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 10 reported vulnerabilities are exploitable by an anonymous user.
  • Theforeman has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-08-19 CVE-2015-8949 DBD Mysql Project
Debian
Use After Free vulnerability in multiple products

Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.

10.0
2016-08-19 CVE-2014-9906 Debian
DBD Mysql Project
Use After Free vulnerability in multiple products

Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.

10.0
2016-08-18 CVE-2016-4654 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS 9.3.3

IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-08-18 CVE-2016-1458 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Firepower Management Center

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483.

9.0
2016-08-18 CVE-2016-1457 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Firepower Management Center

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513.

9.0

4 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-08-19 CVE-2015-8022 F5 Permissions, Privileges, and Access Controls vulnerability in F5 products

The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF16 and 11.3.0; and BIG-IP PSM 11.x before 11.2.1 HF16, 11.3.x, and 11.4.x before 11.4.1 HF10 allows remote authenticated users with certain permissions to gain privileges by leveraging an Access Policy Manager customization configuration section that allows file uploads.

8.5
2016-08-18 CVE-2016-1365 Cisco Improper Input Validation vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.0.10

The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507.

8.5
2016-08-18 CVE-2016-6366 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.

8.5
2016-08-19 CVE-2016-6493 Citrix 7PK - Security Features vulnerability in Citrix Xenapp and Xendesktop

Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.

7.5

10 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-08-18 CVE-2016-6367 Cisco Local Code Execution vulnerability in Multiple Cisco Products

Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.

6.8
2016-08-19 CVE-2016-4475 Theforeman 7PK - Security Features vulnerability in Theforeman Foreman

The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.

6.5
2016-08-19 CVE-2016-0760 Apache Improper Access Control vulnerability in Apache Sentry 1.5.1/1.6.0

Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.

6.5
2016-08-19 CVE-2016-6254 Debian
Collectd
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.

6.4
2016-08-19 CVE-2016-4451 Theforeman 7PK - Security Features vulnerability in Theforeman Foreman

The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.

6.0
2016-08-19 CVE-2016-5736 F5 Improper Access Control vulnerability in F5 products

The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 11.4.0 through 11.4.1 improperly enables the anonymous IPsec IKE peer configuration object, which allows remote attackers to establish an IKE Phase 1 negotiation and possibly conduct brute-force attacks against Phase 2 negotiations via unspecified vectors.

5.0
2016-08-19 CVE-2016-6319 Theforeman Cross-site Scripting vulnerability in Theforeman Foreman

Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.

4.3
2016-08-19 CVE-2016-3195 Fortinet Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware

Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2016-08-19 CVE-2016-3194 Fortinet Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware

Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2016-08-19 CVE-2016-3089 Apache Cross-site Scripting vulnerability in Apache Openmeetings

Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.

4.3

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-08-19 CVE-2016-6320 Theforeman Cross-site Scripting vulnerability in Theforeman Foreman

Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form.

3.5
2016-08-19 CVE-2016-5390 Theforeman Information Exposure vulnerability in Theforeman Foreman

Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces.

3.5
2016-08-19 CVE-2016-4995 Theforeman Information Exposure vulnerability in Theforeman Foreman

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.

3.5
2016-08-19 CVE-2016-3193 Fortinet Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware

Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5