Weekly Vulnerabilities Reports > September 26 to October 2, 2016

Overview

83 new vulnerabilities reported during this period, including 5 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary report vulnerabilities in 117 products from 37 vendors including IBM, Openssl, Huawei, Debian, and Redhat. Vulnerabilities are notably categorized as "Cross-site Scripting", "Information Exposure", "Improper Input Validation", "Improper Access Control", and "Permissions, Privileges, and Access Controls".

  • 77 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 29 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 49 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 30 reported vulnerabilities.
  • Redhat has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-09-27 CVE-2016-6137 SAP Remote Command Execution vulnerability in SAP Trex 7.10

An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.

10.0
2016-09-26 CVE-2016-6980 Adobe Use After Free vulnerability in Adobe Digital Editions

Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263.

10.0
2016-09-27 CVE-2016-6330 Redhat Deserialization of Untrusted Data vulnerability in Redhat Jboss Operations Network

The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.

9.8
2016-09-26 CVE-2016-6309 Openssl Use After Free vulnerability in Openssl 1.1.0A

statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.

9.8
2016-09-29 CVE-2016-5062 Aternity Incorrect Resource Transfer Between Spheres vulnerability in Aternity 9.0

The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.

9.3

14 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-09-28 CVE-2016-2776 Oracle
ISC
HP
Improper Input Validation vulnerability in multiple products

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

7.8
2016-09-29 CVE-2016-4385 HP Deserialization of Untrusted Data vulnerability in HP Network Automation

The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries.

7.5
2016-09-28 CVE-2016-7568 Libgd
PHP
Debian
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

7.5
2016-09-26 CVE-2016-7052 Novell
Openssl
Nodejs
NULL Pointer Dereference vulnerability in multiple products

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.

7.5
2016-09-26 CVE-2016-6305 Openssl Improper Input Validation vulnerability in Openssl 1.1.0

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.

7.5
2016-09-26 CVE-2016-6304 Openssl
Nodejs
Novell
Memory Leak vulnerability in multiple products

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

7.5
2016-09-26 CVE-2016-4972 Openstack Improper Input Validation vulnerability in Openstack products

OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.

7.5
2016-09-26 CVE-2016-4303 Iperf3 Project
Novell
Opensuse
Debian
Classic Buffer Overflow vulnerability in multiple products

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.

7.5
2016-09-26 CVE-2016-3110 Redhat
Fedoraproject
Improper Input Validation vulnerability in multiple products

mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.

7.5
2016-09-27 CVE-2016-4978 Apache
Redhat
Deserialization of Untrusted Data vulnerability in multiple products

The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.

7.2
2016-09-26 CVE-2016-6276 Citrix Permissions, Privileges, and Access Controls vulnerability in Citrix Linux Virtual Delivery Agent

Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors.

7.2
2016-09-26 CVE-2016-6826 Huawei Improper Access Control vulnerability in Huawei Anyoffice Secureapp 2.5.0301.0190/2.5.0501.0190

Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment.

7.1
2016-09-26 CVE-2016-6172 Opensuse
Powerdns
Resource Exhaustion vulnerability in multiple products

PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.

7.1
2016-09-26 CVE-2016-8279 Huawei Improper Access Control vulnerability in Huawei Honor6 Firmware, Mate S Firmware and P8 Firmware

The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application.

7.1

49 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-10-01 CVE-2016-5995 IBM
HP
Linux
Permissions, Privileges, and Access Controls vulnerability in IBM DB2 and DB2 Connect

Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.

6.9
2016-09-29 CVE-2016-4386 HP Local Security Bypass vulnerability in HP Network Automation 10.10

HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors.

6.9
2016-09-30 CVE-2016-6637 Pivotal Software
Cloudfoundry
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.

6.8
2016-09-26 CVE-2016-6901 Huawei Improper Input Validation vulnerability in Huawei AR Firmware and Netengine 16Ex Firmware

Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands.

6.8
2016-09-26 CVE-2016-7098 GNU Race Condition vulnerability in GNU Wget

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.

6.8
2016-09-26 CVE-2016-3007 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users.

6.8
2016-09-30 CVE-2016-6651 Pivotal Software
Cloudfoundry
Permissions, Privileges, and Access Controls vulnerability in multiple products

The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token.

6.5
2016-09-29 CVE-2016-5176 Google Improper Access Control vulnerability in Google Chrome

Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.

6.5
2016-09-27 CVE-2016-7498 Openstack Resource Management Errors vulnerability in Openstack Compute (Nova) 13.0.0

OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.

6.5
2016-09-26 CVE-2016-5406 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.

6.5
2016-09-26 CVE-2016-5963 IBM Improper Access Control vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors.

6.5
2016-09-26 CVE-2016-6308 Openssl Resource Management Errors vulnerability in Openssl 1.1.0

statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.

5.9
2016-09-26 CVE-2016-6307 Openssl Resource Exhaustion vulnerability in Openssl 1.1.0

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.

5.9
2016-09-26 CVE-2016-6306 Openssl
HP
Novell
Nodejs
Debian
Canonical
Out-of-bounds Read vulnerability in multiple products

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

5.9
2016-09-26 CVE-2016-6153 Sqlite
Fedoraproject
Opensuse
Improper Input Validation vulnerability in multiple products

os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.

5.9
2016-09-26 CVE-2016-5971 IBM Information Exposure vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5.5
2016-09-26 CVE-2016-5943 IBM Improper Access Control vulnerability in IBM Spectrum Control

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors.

5.5
2016-09-26 CVE-2016-5746 Opensuse
Yast
libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.
5.1
2016-10-01 CVE-2016-5986 IBM Information Exposure vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2016-09-30 CVE-2016-6636 Pivotal Software
Cloudfoundry
Open Redirect vulnerability in multiple products

The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.

5.0
2016-09-27 CVE-2016-7444 GNU Permissions, Privileges, and Access Controls vulnerability in GNU Gnutls

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

5.0
2016-09-27 CVE-2016-7045 Irssi
Debian
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.

5.0
2016-09-27 CVE-2016-7044 Irssi
Debian
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.

5.0
2016-09-27 CVE-2016-6146 SAP Information Exposure vulnerability in SAP Trex 7.10

The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226.

5.0
2016-09-26 CVE-2016-6142 SAP Security Bypass vulnerability in SAP Hana 1.00.73.00.389160

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459.

5.0
2016-09-26 CVE-2016-3639 SAP Information Exposure vulnerability in SAP Hana DB 1.00.091.00.1418659308

SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128.

5.0
2016-09-26 CVE-2016-7162 Canonical
File Roller Project
Improper Input Validation vulnerability in multiple products

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

5.0
2016-09-26 CVE-2016-6518 Huawei Resource Management Errors vulnerability in Huawei products

Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malformed packets.

5.0
2016-09-26 CVE-2016-5996 IBM Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Tealeaf Customer Experience

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length restrictions, which makes it easier for remote attackers to obtain access via a brute-force attack.

5.0
2016-09-26 CVE-2016-5957 IBM Cryptographic Issues vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm.

5.0
2016-09-26 CVE-2016-5977 IBM Open Redirect vulnerability in IBM Tealeaf Customer Experience

Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

4.9
2016-09-26 CVE-2016-5972 IBM Improper Access Control vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

4.9
2016-09-26 CVE-2016-3040 IBM Open Redirect vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0

IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

4.9
2016-09-30 CVE-2016-0617 Oracle Unspecified vulnerability in Oracle Linux 6.0

Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors.

4.6
2016-09-29 CVE-2016-7090 Siemens Information Exposure vulnerability in Siemens Scalance M-800 Firmware and Scalance S615 Firmware

The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

4.3
2016-09-29 CVE-2016-5061 Aternity Cross-site Scripting vulnerability in Aternity 9.0

Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) getExternalURL, or (4) retrieveTrustedUrl page.

4.3
2016-09-28 CVE-2016-7191 Microsoft Improper Authentication vulnerability in Microsoft Azure Active Directory Passport

The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token.

4.3
2016-09-26 CVE-2016-7142 Inspircd
Debian
Permissions, Privileges, and Access Controls vulnerability in multiple products

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.

4.3
2016-09-26 CVE-2016-6840 Huawei Cross-site Scripting vulnerability in Huawei Oceanstor ISM V200R001C01/V200R001C02/V200R001C03

Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors.

4.3
2016-09-26 CVE-2016-4993 Redhat CRLF Injection vulnerability in Redhat products

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

4.3
2016-09-26 CVE-2016-0248 IBM Information Exposure vulnerability in IBM Security Guardium 10.0/9.0

IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors.

4.3
2016-09-26 CVE-2016-6038 IBM Path Traversal vulnerability in IBM AIX 5.3/6.1/7.1

Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.

4.0
2016-09-26 CVE-2016-6827 Huawei Information Exposure vulnerability in Huawei Fusioncompute

Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.0
2016-09-26 CVE-2016-5997 IBM Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Tealeaf Customer Experience

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack.

4.0
2016-09-26 CVE-2016-5970 IBM Path Traversal vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2

Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a ..

4.0
2016-09-26 CVE-2016-5946 IBM Information Exposure vulnerability in IBM products

Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a ..

4.0
2016-09-26 CVE-2016-5945 IBM Improper Access Control vulnerability in IBM products

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request.

4.0
2016-09-26 CVE-2016-3000 IBM Improper Input Validation vulnerability in IBM Connections

The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL.

4.0
2016-09-26 CVE-2016-2999 IBM Information Exposure vulnerability in IBM Connections

IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack.

4.0

15 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-10-01 CVE-2016-3042 IBM Cross-site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.

3.5
2016-09-30 CVE-2016-6647 EMC Cross-site Scripting vulnerability in EMC Vipr SRM 3.6.0/3.6.4/4.0

Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2016-09-27 CVE-2016-4058 Huawei Cross-site Scripting vulnerability in Huawei Policy Center V100R003C00/V100R003C10

Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages."

3.5
2016-09-26 CVE-2016-6913 Alienvault Cross-site Scripting vulnerability in Alienvault products

Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php.

3.5
2016-09-26 CVE-2016-5395 Apache Cross-site Scripting vulnerability in Apache Ranger

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.

3.5
2016-09-26 CVE-2016-5978 IBM Cross-site Scripting vulnerability in IBM Tealeaf Customer Experience

Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5975.

3.5
2016-09-26 CVE-2016-5975 IBM Cross-site Scripting vulnerability in IBM Tealeaf Customer Experience

Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5978.

3.5
2016-09-26 CVE-2016-5974 IBM Cross-site Scripting vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.

3.5
2016-09-26 CVE-2016-5947 IBM Improper Input Validation vulnerability in IBM products

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.

3.5
2016-09-26 CVE-2016-5944 IBM Cross-site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.

3.5
2016-09-26 CVE-2016-3006 IBM Cross-site Scripting vulnerability in IBM Connections

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003.

3.5
2016-09-26 CVE-2016-3003 IBM Cross-site Scripting vulnerability in IBM Connections

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3006.

3.5
2016-09-26 CVE-2016-3001 IBM Cross-site Scripting vulnerability in IBM Connections

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3003 and CVE-2016-3006.

3.5
2016-09-26 CVE-2016-0379 IBM Data Processing Errors vulnerability in IBM Websphere MQ

IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights.

3.5
2016-09-26 CVE-2016-5976 IBM Information Exposure vulnerability in IBM Tealeaf Customer Experience

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors.

2.6