Weekly Vulnerabilities Reports > September 19 to 25, 2016

Overview

192 new vulnerabilities were reported during this period, including 36 critical vulnerabilities and 34 high severity vulnerabilities. This weekly summary reports vulnerabilities in 153 products from 40 vendors including Apple, Libarchive, Mozilla, Canonical, and Cisco. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Information Exposure", "Permissions, Privileges, and Access Controls", and "Out-of-bounds Read".

  • 168 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 19 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 177 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 70 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 26 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

36 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-09-25 CVE-2016-4702 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10.0
2016-09-25 CVE-2016-4658 Apple
Xmlsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

10.0
2016-09-24 CVE-2016-6532 Dexis Use of Hard-Coded Credentials vulnerability in Dexis Imaging Suite 10.0

DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session.

10.0
2016-09-22 CVE-2016-6406 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Email Security Appliance Firmware

Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017.

10.0
2016-09-21 CVE-2016-6530 Dentsply Sirona Use of Hard-Coded Credentials vulnerability in Dentsply Sirona CDR Dicom

Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords.

10.0
2016-09-20 CVE-2016-6662 Oracle
Percona
Mariadb
Debian
Redhat
Permissions, Privileges, and Access Controls vulnerability in multiple products

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration.

10.0
2016-09-19 CVE-2016-6536 Aver Permissions, Privileges, and Access Controls vulnerability in Aver Eh6108H+ Firmware

The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value.

10.0
2016-09-19 CVE-2016-6535 Aver Use of Hard-Coded Credentials vulnerability in Aver Eh6108H+ Firmware X9.03.24.00.07L

AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session.

10.0
2016-09-25 CVE-2016-4778 Apple Permissions, Privileges, and Access Controls vulnerability in Apple products

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-09-25 CVE-2016-4777 Apple Permissions, Privileges, and Access Controls vulnerability in Apple products

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.

9.3
2016-09-25 CVE-2016-4753 Apple Improper Input Validation vulnerability in Apple products

Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3
2016-09-25 CVE-2016-4750 Apple Buffer Errors vulnerability in Apple Iphone OS and mac OS X

S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-09-25 CVE-2016-4738 Apple
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

9.3
2016-09-25 CVE-2016-4737 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

9.3
2016-09-25 CVE-2016-4736 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.

9.3
2016-09-25 CVE-2016-4735 Apple Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734.

9.3
2016-09-25 CVE-2016-4734 Apple Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735.

9.3
2016-09-25 CVE-2016-4733 Apple Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.

9.3
2016-09-25 CVE-2016-4731 Apple Buffer Errors vulnerability in Apple Iphone OS and Safari

WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729.

9.3
2016-09-25 CVE-2016-4730 Apple Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.

9.3
2016-09-25 CVE-2016-4729 Apple Buffer Errors vulnerability in Apple Iphone OS and Safari

WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731.

9.3
2016-09-25 CVE-2016-4727 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-09-25 CVE-2016-4726 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-09-25 CVE-2016-4724 Apple Null Pointer Dereference vulnerability in Apple Iphone OS and mac OS X

IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

9.3
2016-09-25 CVE-2016-4723 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-09-25 CVE-2016-4712 Apple Out-Of-Bounds Write vulnerability in Apple products

CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

9.3
2016-09-25 CVE-2016-4703 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-09-25 CVE-2016-4700 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699.

9.3
2016-09-25 CVE-2016-4699 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700.

9.3
2016-09-25 CVE-2016-4698 Apple Improper Input Validation vulnerability in Apple Iphone OS and mac OS X

AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3
2016-09-25 CVE-2016-4697 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-09-25 CVE-2016-4696 Apple Null Pointer Dereference vulnerability in Apple mac OS X

AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

9.3
2016-09-19 CVE-2016-5814 Rockwellautomation Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rockwellautomation products

Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file.

9.3
2016-09-22 CVE-2016-6373 Cisco OS Command Injection vulnerability in Cisco Cloud Services Platform 2100 2.0.0Base

The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541.

9.0
2016-09-21 CVE-2016-4965 Fortinet OS Command Injection vulnerability in Fortinet Fortiwan

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.

9.0
2016-09-21 CVE-2016-4384 HP Denial of Service vulnerability in HP Loadrunner and Performance Center

HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.

9.0

34 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-09-19 CVE-2016-1483 Cisco Improper Input Validation vulnerability in Cisco Webex Meetings Server 2.6.0

Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704.

7.8
2016-09-25 CVE-2016-4694 Apple Improper Access Control vulnerability in Apple mac OS X and OS X Server

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387.

7.5
2016-09-24 CVE-2016-6531 Opendental Credentials Management vulnerability in Opendental

** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306.

7.5
2016-09-22 CVE-2016-6374 Cisco Improper Input Validation vulnerability in Cisco Cloud Services Platform 2100 2.0.0

Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093.

7.5
2016-09-22 CVE-2016-5281 Mozilla Use After Free vulnerability in Mozilla Firefox and Firefox ESR

Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.

7.5
2016-09-22 CVE-2016-5280 Mozilla Use After Free vulnerability in Mozilla Firefox and Firefox ESR

Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.

7.5
2016-09-22 CVE-2016-5277 Mozilla Use After Free vulnerability in Mozilla Firefox and Firefox ESR

Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.

7.5
2016-09-22 CVE-2016-5276 Mozilla Use After Free vulnerability in Mozilla Firefox and Firefox ESR

Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.

7.5
2016-09-22 CVE-2016-5274 Mozilla Use After Free vulnerability in Mozilla Firefox and Firefox ESR

Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.

7.5
2016-09-22 CVE-2016-5270 Mozilla Buffer Errors vulnerability in Mozilla Firefox and Firefox ESR

Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.

7.5
2016-09-22 CVE-2016-5257 Mozilla Buffer Errors vulnerability in Mozilla Firefox and Firefox ESR

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5
2016-09-22 CVE-2016-5256 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5
2016-09-22 CVE-2016-6525 Debian
Artifex
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.

7.5
2016-09-21 CVE-2016-4464 Apache Improper Access Control vulnerability in Apache CXF Fediz

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.

7.5
2016-09-21 CVE-2016-6354 Debian
Flex Project
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.

7.5
2016-09-21 CVE-2016-6250 Oracle
Libarchive
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.

7.5
2016-09-21 CVE-2015-8871 Debian
Uclouvain
Use After Free vulnerability in multiple products

Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.

7.5
2016-09-21 CVE-2016-0917 EMC Permissions, Privileges, and Access Controls vulnerability in EMC products

The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231.

7.5
2016-09-19 CVE-2016-4860 Yokogawa Improper Authentication vulnerability in Yokogawa Stardom Fcn/Fcj

Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify application command.

7.5
2016-09-25 CVE-2016-4775 Apple Buffer Errors vulnerability in Apple mac OS X, Tvos and Watchos

The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2
2016-09-25 CVE-2016-4716 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors.

7.2
2016-09-25 CVE-2016-4710 Apple Incorrect Type Conversion or Cast vulnerability in Apple mac OS X

WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.

7.2
2016-09-25 CVE-2016-4709 Apple Incorrect Type Conversion or Cast vulnerability in Apple mac OS X

WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710.

7.2
2016-09-24 CVE-2016-5793 Moxa Unquoted Search Path or Element vulnerability in Moxa Active OPC Server

Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.

7.2
2016-09-22 CVE-2016-6414 Cisco OS Command Injection vulnerability in Cisco IOS 15.6(1)T1

iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223.

7.2
2016-09-22 CVE-2016-6322 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Quickstart Cloud Installer

Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file.

7.2
2016-09-22 CVE-2016-5247 Lenovo 7PK - Security Features vulnerability in Lenovo Bios

The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.

7.2
2016-09-21 CVE-2016-7154 XEN Use After Free vulnerability in XEN

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.

7.2
2016-09-21 CVE-2016-7093 XEN Permissions, Privileges, and Access Controls vulnerability in XEN 4.5.3/4.6.3/4.7.0

Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.

7.2
2016-09-21 CVE-2016-0920 EMC Command Injection vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration.

7.2
2016-09-21 CVE-2016-0905 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.

7.2
2016-09-25 CVE-2016-4722 Apple Improper Input Validation vulnerability in Apple Iphone OS and mac OS X

The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors.

7.1
2016-09-22 CVE-2016-6669 Huawei Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Huawei products

Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet.

7.1
2016-09-21 CVE-2016-6158 Huawei Cross-Site Request Forgery (CSRF) vulnerability in Huawei Ws331A Router Firmware Ws331A10V100R001C02B017Sp01

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) reboot the device via unspecified vectors.

7.1

116 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-09-21 CVE-2016-0921 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program.

6.9
2016-09-19 CVE-2016-4526 Trane Uncontrolled Search Path Element vulnerability in Trane Tracer SC

ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory.

6.9
2016-09-25 CVE-2016-7549 Google Denial of Service vulnerability in Google Chrome

Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message.

6.8
2016-09-25 CVE-2016-5175 Google Multiple Security vulnerability in Google Chrome Prior to 53.0.2785.113

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

6.8
2016-09-25 CVE-2016-5173 Google Improper Access Control vulnerability in Google Chrome

The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.

6.8
2016-09-25 CVE-2016-5171 Google Use After Free vulnerability in Google Chrome

WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.

6.8
2016-09-25 CVE-2016-5170 Google Use After Free vulnerability in Google Chrome

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.

6.8
2016-09-25 CVE-2016-5169 Google Remote Format String vulnerability in Google Chrome OS

Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8
2016-09-25 CVE-2016-4779 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

6.8
2016-09-25 CVE-2016-4769 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Safari

WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

6.8
2016-09-25 CVE-2016-4768 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767.

6.8
2016-09-25 CVE-2016-4767 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.

6.8
2016-09-25 CVE-2016-4766 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.

6.8
2016-09-25 CVE-2016-4765 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.

6.8
2016-09-25 CVE-2016-4762 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

6.8
2016-09-25 CVE-2016-4759 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.

6.8
2016-09-25 CVE-2016-4728 Apple
Microsoft
Improper Input Validation vulnerability in Apple products

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.

6.8
2016-09-25 CVE-2016-4611 Apple Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.

6.8
2016-09-24 CVE-2016-4845 Iodata Cross-Site Request Forgery (CSRF) vulnerability in Iodata products

Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.

6.8
2016-09-24 CVE-2016-6413 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Application Policy Infrastructure Controller 1.3(2F)

The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496.

6.8
2016-09-24 CVE-2016-6410 Cisco Improper Input Validation vulnerability in Cisco IOS 15.5(2)T

The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856.

6.8
2016-09-22 CVE-2016-5283 Mozilla Improper Access Control vulnerability in Mozilla Firefox

Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.

6.8
2016-09-22 CVE-2016-5278 Mozilla Buffer Errors vulnerability in Mozilla Firefox and Firefox ESR

Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via crafted image data that is mishandled during the encoding of an image frame to an image.

6.8
2016-09-22 CVE-2016-5275 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox

Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.

6.8
2016-09-22 CVE-2016-5273 Mozilla Improper Access Control vulnerability in Mozilla Firefox

The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.

6.8
2016-09-22 CVE-2016-5272 Mozilla Improper Input Validation vulnerability in Mozilla Firefox and Firefox ESR

The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.

6.8
2016-09-22 CVE-2016-6824 Huawei Improper Input Validation vulnerability in Huawei products

Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 allow remote authenticated users to cause a denial of service (device restart) via crafted CAPWAP packets.

6.8
2016-09-21 CVE-2016-3991 Oracle
Libtiff
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.

6.8
2016-09-21 CVE-2016-3990 Libtiff
Oracle
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.

6.8
2016-09-21 CVE-2016-3945 Libtiff
Oracle
Integer Overflow or Wraparound vulnerability in multiple products

Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.

6.8
2016-09-21 CVE-2016-3632 Libtiff
Oracle
Out-Of-Bounds Write vulnerability in multiple products

The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.

6.8
2016-09-21 CVE-2016-7163 Uclouvain
Debian
Fedoraproject
Out-Of-Bounds Read vulnerability in multiple products

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

6.8
2016-09-21 CVE-2016-7143 Debian
Charybdis Project
Improper Authorization vulnerability in multiple products

The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.

6.8
2016-09-21 CVE-2016-7092 XEN Permissions, Privileges, and Access Controls vulnerability in XEN

The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.

6.8
2016-09-21 CVE-2016-6801 Apache
Debian
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.

6.8
2016-09-21 CVE-2016-6159 Huawei Improper Authentication vulnerability in Huawei Ws331A Router Firmware

The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special packages" to the LAN interface.

6.8
2016-09-21 CVE-2016-5017 Apache Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apache Zookeeper

Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.

6.8
2016-09-21 CVE-2016-4302 Redhat
Libarchive
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

6.8
2016-09-21 CVE-2016-4301 Libarchive Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libarchive

Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.

6.8
2016-09-21 CVE-2016-4300 Libarchive
Redhat
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

6.8
2016-09-21 CVE-2015-8960 Apple
Google
Microsoft
Mozilla
Opera
Cryptographic Issues vulnerability in multiple products

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.

6.8
2016-09-20 CVE-2015-8931 Libarchive
Suse
Canonical
Debian
Integer Overflow or Wraparound vulnerability in multiple products

Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.

6.8
2016-09-21 CVE-2016-0903 EMC Information Exposure vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent.

6.4
2016-09-21 CVE-2016-4382 HP Permissions, Privileges, and Access Controls vulnerability in HP Performance Center

HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue.

6.0
2016-09-25 CVE-2016-4776 Apple Out-Of-Bounds Read vulnerability in Apple products

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774.

5.8
2016-09-25 CVE-2016-4774 Apple Out-Of-Bounds Read vulnerability in Apple products

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776.

5.8
2016-09-25 CVE-2016-4773 Apple Out-Of-Bounds Read vulnerability in Apple products

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.

5.8
2016-09-25 CVE-2016-4725 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.

5.8
2016-09-25 CVE-2016-4772 Apple Resource Management Errors vulnerability in Apple products

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.

5.0
2016-09-25 CVE-2016-4754 Apple Cryptographic Issues vulnerability in Apple OS X Server

ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

5.0
2016-09-25 CVE-2016-4745 Apple Information Exposure vulnerability in Apple mac OS X

The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.

5.0
2016-09-25 CVE-2016-4717 Apple Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-09-20

The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app.

5.0
2016-09-25 CVE-2016-4711 Apple Improper Input Validation vulnerability in Apple Iphone OS and mac OS X

CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.

5.0
2016-09-24 CVE-2016-6411 Cisco Improper Input Validation vulnerability in Cisco Firesight System Software 6.0.1

Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585.

5.0
2016-09-21 CVE-2016-5427 Powerdns Resource Management Errors vulnerability in Powerdns Authoritative

PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a .

5.0
2016-09-21 CVE-2016-5426 Powerdns Resource Management Errors vulnerability in Powerdns Authoritative

PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.

5.0
2016-09-21 CVE-2016-5418 Redhat
Oracle
Libarchive
Improper Input Validation vulnerability in multiple products

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

5.0
2016-09-21 CVE-2016-4809 Redhat
Oracle
Libarchive
Improper Input Validation vulnerability in multiple products

The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

5.0
2016-09-21 CVE-2016-0904 EMC Information Exposure vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation.

5.0
2016-09-20 CVE-2016-6802 Apache Improper Access Control vulnerability in Apache Shiro 1.3.1

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.

5.0
2016-09-20 CVE-2015-8930 Suse
Libarchive
Canonical
Improper Input Validation vulnerability in multiple products

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

5.0
2016-09-20 CVE-2015-8921 Novell
Libarchive
Canonical
Out-Of-Bounds Read vulnerability in multiple products

The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

5.0
2016-09-20 CVE-2015-8919 Canonical
Libarchive
Novell
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.

5.0
2016-09-20 CVE-2015-8918 Novell
Libarchive
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via crafted cab files, related to "overlapping memcpy."

5.0
2016-09-20 CVE-2015-8917 Debian
Libarchive
Canonical
Null Pointer Dereference vulnerability in multiple products

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.

5.0
2016-09-19 CVE-2016-6537 Aver Information Exposure vulnerability in Aver Eh6108H+ Firmware X9.03.24.00.07L

AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attackers to obtain sensitive information by reading these strings.

5.0
2016-09-19 CVE-2016-6415 Cisco Information Exposure vulnerability in Cisco IOS XE

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.

5.0
2016-09-19 CVE-2016-0870 Trane Information Exposure vulnerability in Trane Tracer SC

The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request.

5.0
2016-09-25 CVE-2016-4763 Apple
Microsoft
Cryptographic Issues vulnerability in Apple Iphone OS, Itunes and Safari

WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

4.9
2016-09-25 CVE-2016-4706 Apple Improper Input Validation vulnerability in Apple mac OS X

cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors.

4.9
2016-09-25 CVE-2016-4748 Apple 7PK - Security Features vulnerability in Apple mac OS X

Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.

4.6
2016-09-25 CVE-2016-5174 Google Improper Input Validation vulnerability in Google Chrome

browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.

4.3
2016-09-25 CVE-2016-5172 Google Information Exposure vulnerability in Google Chrome

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.

4.3
2016-09-25 CVE-2016-4771 Apple Information Exposure vulnerability in Apple Iphone OS and mac OS X

The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.

4.3
2016-09-25 CVE-2016-4760 Apple
Microsoft
Improper Access Control vulnerability in Apple Iphone OS, Itunes and Safari

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.

4.3
2016-09-25 CVE-2016-4758 Apple
Microsoft
Information Exposure vulnerability in Apple Iphone OS, Itunes and Safari

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.

4.3
2016-09-25 CVE-2016-4752 Apple Information Exposure vulnerability in Apple mac OS X

The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation.

4.3
2016-09-25 CVE-2016-4751 Apple 7PK - Security Features vulnerability in Apple Safari

The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site.

4.3
2016-09-25 CVE-2016-4742 Apple Information Exposure vulnerability in Apple mac OS X

NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app.

4.3
2016-09-25 CVE-2016-4739 Apple Information Exposure vulnerability in Apple mac OS X

mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.

4.3
2016-09-25 CVE-2016-4718 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.

4.3
2016-09-25 CVE-2016-4715 Apple Information Exposure vulnerability in Apple mac OS X

The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.

4.3
2016-09-25 CVE-2016-4713 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.

4.3
2016-09-25 CVE-2016-4708 Apple Information Exposure vulnerability in Apple products

CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.

4.3
2016-09-25 CVE-2016-4618 Apple Cross-Site Scripting vulnerability in Apple Iphone OS and Safari

Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

4.3
2016-09-24 CVE-2016-6412 Cisco Improper Input Validation vulnerability in Cisco IOS 15.6(1)T1

The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773.

4.3
2016-09-24 CVE-2016-6409 Cisco Resource Management Errors vulnerability in Cisco IOS 15.6(1)T

The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traffic, aka Bug ID CSCuy54015.

4.3
2016-09-24 CVE-2016-6408 Cisco XXE vulnerability in Cisco Prime Home 5.2.0

Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814.

4.3
2016-09-22 CVE-2016-5284 Mozilla Improper Input Validation vulnerability in Mozilla Firefox and Firefox ESR

Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.

4.3
2016-09-22 CVE-2016-5282 Mozilla Information Exposure vulnerability in Mozilla Firefox

Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.

4.3
2016-09-22 CVE-2016-5279 Mozilla Information Exposure vulnerability in Mozilla Firefox

Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.

4.3
2016-09-22 CVE-2016-5271 Mozilla Out-Of-Bounds Read vulnerability in Mozilla Firefox

The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property.

4.3
2016-09-22 CVE-2016-2827 Mozilla Out-Of-Bounds Read vulnerability in Mozilla Firefox

The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values.

4.3
2016-09-22 CVE-2014-2146 Cisco Improper Input Validation vulnerability in Cisco IOS XE

The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.

4.3
2016-09-22 CVE-2016-6265 Artifex
Opensuse
Use After Free vulnerability in multiple products

Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

4.3
2016-09-21 CVE-2016-7166 Redhat
Libarchive
Oracle
Resource Management Errors vulnerability in multiple products

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

4.3
2016-09-21 CVE-2016-5844 Libarchive
Redhat
Oracle
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

4.3
2016-09-21 CVE-2016-4969 Fortinet Cross-Site Scripting vulnerability in Fortinet Fortiwan

Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php.

4.3
2016-09-20 CVE-2015-8934 Suse
Canonical
Libarchive
Out-Of-Bounds Read vulnerability in multiple products

The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.

4.3
2016-09-20 CVE-2015-8933 Libarchive
Suse
Canonical
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.

4.3
2016-09-20 CVE-2015-8932 Canonical
Debian
Suse
Libarchive
Improper Input Validation vulnerability in multiple products

The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.

4.3
2016-09-20 CVE-2015-8929 Suse
Libarchive
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

4.3
2016-09-20 CVE-2015-8928 Canonical
Libarchive
Suse
Out-Of-Bounds Read vulnerability in multiple products

The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

4.3
2016-09-20 CVE-2015-8927 Libarchive Out-Of-Bounds Read vulnerability in Libarchive

The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.

4.3
2016-09-20 CVE-2015-8926 Canonical
Suse
Libarchive
Null Pointer Dereference vulnerability in multiple products

The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.

4.3
2016-09-20 CVE-2015-8925 Canonical
Libarchive
Suse
Out-Of-Bounds Read vulnerability in multiple products

The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.

4.3
2016-09-20 CVE-2015-8924 Libarchive
Novell
Canonical
Out-Of-Bounds Read vulnerability in multiple products

The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.

4.3
2016-09-20 CVE-2015-8923 Libarchive
Novell
Canonical
Improper Input Validation vulnerability in multiple products

The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.

4.3
2016-09-20 CVE-2015-8922 Libarchive
Novell
Canonical
Oracle
Null Pointer Dereference vulnerability in multiple products

The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

4.3
2016-09-20 CVE-2015-8920 Novell, Canonical, Libarchive Out-Of-Bounds Read vulnerability in multiple products

The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

4.3
2016-09-20 CVE-2015-8916 Canonical, Debian, Libarchive Null Pointer Dereference vulnerability in multiple products

bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.

4.3
2016-09-20 CVE-2015-8915 Libarchive Out-Of-Bounds Read vulnerability in Libarchive

bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via a crafted cpio file.

4.3
2016-09-24 CVE-2016-0918 EMC Information Exposure vulnerability in EMC products

EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL.

4.0
2016-09-21 CVE-2016-4968 Fortinet Information Exposure vulnerability in Fortinet Fortiwan

The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.

4.0
2016-09-21 CVE-2016-4967 Fortinet Information Exposure vulnerability in Fortinet Fortiwan

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php.

4.0
2016-09-21 CVE-2016-4966 Fortinet Improper Authentication vulnerability in Fortinet Fortiwan

The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-09-21 CVE-2016-0925 EMC Cross-Site Scripting vulnerability in EMC RSA Adaptive Authentication On-Premise

Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2016-09-25 CVE-2016-4755 Apple Information Exposure vulnerability in Apple mac OS X

Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors.

2.1
2016-09-25 CVE-2016-4707 Apple Information Exposure vulnerability in Apple Iphone OS and mac OS X

CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.

2.1
2016-09-25 CVE-2016-4701 Apple Improper Input Validation vulnerability in Apple mac OS X

Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.

2.1
2016-09-22 CVE-2016-6340 Redhat 7PK - Security Features vulnerability in Redhat Quickstart Cloud Installer

The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.

2.1
2016-09-21 CVE-2016-7094 XEN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN

Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.

1.5