Weekly Vulnerabilities Reports > October 31 to November 6, 2016
Overview
58 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 68 products from 29 vendors including Cisco, Debian, Qemu, Opensuse, and Exponentcms. Vulnerabilities are notably categorized as "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Unrestricted Upload of File with Dangerous Type", "Out-of-bounds Read", and "Cross-site Scripting".
- 47 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 11 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 47 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 10 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
8 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-11-03 | CVE-2016-6452 | Cisco | Improper Authentication vulnerability in Cisco Prime Home 5.0Base/5.1Base/5.2.0 A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. | 10.0 |
2016-11-03 | CVE-2016-6441 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. | 10.0 |
2016-11-03 | CVE-2015-8969 | Square Squareup | Command Injection vulnerability in Squareup Git-Fastclone 1.0.0/1.0.1 git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. | 10.0 |
2016-10-31 | CVE-2016-7990 | Google Samsung | 7PK - Errors vulnerability in Google Android On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542. | 10.0 |
2016-11-04 | CVE-2016-8869 | Joomla | Improper Input Validation vulnerability in Joomla Joomla! The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. | 9.8 |
2016-11-04 | CVE-2016-9176 | Microfocus | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Rumba 7.4.0/9.4/9.4.0 Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code. | 9.8 |
2016-11-03 | CVE-2015-8968 | Square Squareup | Command Injection vulnerability in Squareup Git-Fastclone 1.0.0 git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. | 9.3 |
2016-11-01 | CVE-2016-7855 | Adobe Apple Linux Microsoft Redhat | Use After Free vulnerability in multiple products Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. | 9.3 |
11 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-11-04 | CVE-2016-8870 | Joomla | Improper Input Validation vulnerability in Joomla Joomla! The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting. | 8.1 |
2016-11-03 | CVE-2016-7160 | Samsung | NULL Pointer Dereference vulnerability in Samsung Mobile 6.0 A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248. | 7.8 |
2016-10-31 | CVE-2016-8203 | Brocade | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Brocade Netiron OS 6.0.00/6.0.00A A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets. | 7.8 |
2016-10-31 | CVE-2016-7991 | Google Samsung | 7PK - Errors vulnerability in Google Android On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542. | 7.8 |
2016-10-31 | CVE-2016-7989 | Google Samsung | 7PK - Security Features vulnerability in Google Android On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. | 7.8 |
2016-10-31 | CVE-2016-7988 | Google Samsung | Permission Issues vulnerability in Google Android On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542. | 7.8 |
2016-11-03 | CVE-2016-6448 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Meeting Server A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. | 7.5 |
2016-11-03 | CVE-2016-6447 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Meeting APP and Meeting Server A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. | 7.5 |
2016-11-03 | CVE-2016-7453 | Exponentcms | SQL Injection vulnerability in Exponentcms Exponent CMS The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection. | 7.5 |
2016-11-03 | CVE-2016-7402 | Sybase | Permissions, Privileges, and Access Controls vulnerability in Sybase Adaptive Server Enterprise SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection. | 7.5 |
2016-11-03 | CVE-2016-7095 | Exponentcms | Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. | 7.5 |
35 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-11-04 | CVE-2016-9190 | Python Debian | Improper Access Control vulnerability in multiple products Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. | 6.8 |
2016-10-31 | CVE-2016-8878 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf and Reader Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return value starting at FOXITREADER." | 6.8 |
2016-10-31 | CVE-2016-8877 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf and Reader Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a "corrupted suffix pattern" issue. | 6.8 |
2016-10-31 | CVE-2016-8876 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf and Reader Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader." | 6.8 |
2016-11-03 | CVE-2016-6430 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco IP Interoperability and Collaboration System A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. | 6.6 |
2016-11-04 | CVE-2016-9187 | Moodle | Unrestricted Upload of File with Dangerous Type vulnerability in Moodle Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | 6.5 |
2016-11-04 | CVE-2016-9186 | Moodle | Unrestricted Upload of File with Dangerous Type vulnerability in Moodle Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | 6.5 |
2016-11-04 | CVE-2016-8910 | Qemu Debian Opensuse Redhat | Infinite Loop vulnerability in multiple products The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. | 6.0 |
2016-11-04 | CVE-2016-8909 | Qemu Debian Opensuse Redhat | Infinite Loop vulnerability in multiple products The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. | 6.0 |
2016-11-04 | CVE-2016-8669 | Qemu Opensuse Redhat Debian | Divide By Zero vulnerability in multiple products The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base. | 6.0 |
2016-11-04 | CVE-2016-8577 | Qemu Debian Opensuse | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation. | 6.0 |
2016-11-04 | CVE-2016-8576 | Qemu Opensuse Redhat Debian | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. | 6.0 |
2016-11-04 | CVE-2016-9184 | Exponentcms | Information Exposure vulnerability in Exponentcms Exponent CMS 2.4.0 In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. | 5.0 |
2016-11-04 | CVE-2016-9183 | Exponentcms | Information Exposure vulnerability in Exponentcms Exponent CMS 2.4.0 In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. | 5.0 |
2016-11-04 | CVE-2016-9182 | Exponentcms | Improper Access Control vulnerability in Exponentcms Exponent CMS 2.4.0 Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. | 5.0 |
2016-11-04 | CVE-2016-9177 | Sparkjava | Path Traversal vulnerability in Sparkjava Spark Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. | 5.0 |
2016-11-03 | CVE-2016-6455 | Cisco | Resource Management Errors vulnerability in Cisco ASR 5000 Software A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. | 5.0 |
2016-11-03 | CVE-2016-9136 | Artifex | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Mujs Artifex Software, Inc. | 5.0 |
2016-11-03 | CVE-2016-9135 | Exponentcms | Information Exposure vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. | 5.0 |
2016-11-03 | CVE-2016-9134 | Exponentcms | Information Exposure vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. | 5.0 |
2016-11-03 | CVE-2016-7452 | Exponentcms | Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | 5.0 |
2016-11-02 | CVE-2016-8864 | ISC Netapp Redhat Debian | Reachable Assertion vulnerability in multiple products named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. | 5.0 |
2016-11-03 | CVE-2016-6453 | Cisco | SQL Injection vulnerability in Cisco Identity Services Engine 1.3(0.876) A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. | 4.9 |
2016-10-31 | CVE-2016-8856 | Foxitsoftware | Permission Issues vulnerability in Foxitsoftware Reader Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. | 4.6 |
2016-11-04 | CVE-2016-9189 | Python Debian | Integer Overflow or Wraparound vulnerability in multiple products Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. | 4.3 |
2016-11-04 | CVE-2016-9188 | Moodle | Cross-site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters. | 4.3 |
2016-11-03 | CVE-2016-6454 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hosted Collaboration Mediation Fulfillment A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. | 4.3 |
2016-11-03 | CVE-2016-6451 | Cisco | Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning 10.6.0 Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 4.3 |
2016-11-03 | CVE-2016-6429 | Cisco | Cross-site Scripting vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. | 4.3 |
2016-10-31 | CVE-2016-8879 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf and Reader The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted JPEG2000 image embedded in a PDF document, aka an "Exploitable - Heap Corruption" issue. | 4.3 |
2016-10-31 | CVE-2016-8875 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf and Reader The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ConvertToPDF_x86!CreateFXPDFConvertor." | 4.3 |
2016-10-31 | CVE-2016-7965 | Dokuwiki | Improper Input Validation vulnerability in Dokuwiki DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. | 4.3 |
2016-10-31 | CVE-2016-7964 | Dokuwiki | Server-Side Request Forgery (SSRF) vulnerability in Dokuwiki 20160626A The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. | 4.3 |
2016-11-04 | CVE-2016-9185 | Openstack | Information Exposure vulnerability in Openstack Heat In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. | 4.0 |
2016-11-03 | CVE-2016-9086 | Gitlab | Information Exposure vulnerability in Gitlab GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. | 4.0 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-11-04 | CVE-2016-8668 | Qemu Opensuse | Classic Buffer Overflow vulnerability in multiple products The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size. | 2.1 |
2016-11-04 | CVE-2016-8667 | Qemu Opensuse Debian | Divide By Zero vulnerability in multiple products The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value. | 2.1 |
2016-11-04 | CVE-2016-8578 | Qemu Opensuse Debian | The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation. | 2.1 |
2016-11-03 | CVE-2016-4025 | Avast | 7PK - Security Features vulnerability in Avast products Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call. | 2.1 |