Weekly Vulnerabilities Reports > November 14 to 20, 2016
Overview
49 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 24 high severity vulnerabilities. This weekly summary report vulnerabilities in 44 products from 14 vendors including Linux, Cisco, Dotcms, Wireshark, and Debian. Vulnerabilities are notably categorized as "SQL Injection", "Use After Free", "Improper Input Validation", "Resource Management Errors", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 25 reported vulnerabilities are remotely exploitables.
- 6 reported vulnerabilities have public exploit available.
- 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 34 reported vulnerabilities are exploitable by an anonymous user.
- Linux has the most reported vulnerabilities, with 12 reported vulnerabilities.
- Paloaltonetworks has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-11-19 | CVE-2016-9150 | Paloaltonetworks | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Paloaltonetworks Pan-Os Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
2016-11-15 | CVE-2016-9287 | Exponentcms | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. | 9.8 |
2016-11-14 | CVE-2016-8902 | Dotcms | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter. | 9.8 |
2016-11-15 | CVE-2016-5763 | Novell | 7PK - Security Features vulnerability in Novell products Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update 10991, OES11 SP2 before Scheduled Maintenance Update 10989) might allow authenticated remote attackers to perform unauthorized file access and modification. | 9.1 |
24 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-11-14 | CVE-2016-8908 | Dotcms | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |
2016-11-14 | CVE-2016-8907 | Dotcms | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |
2016-11-14 | CVE-2016-8906 | Dotcms | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |
2016-11-14 | CVE-2016-8905 | Dotcms | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. | 8.8 |
2016-11-14 | CVE-2016-8904 | Dotcms | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |
2016-11-14 | CVE-2016-8903 | Dotcms | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |
2016-11-18 | CVE-2016-4333 | Hdfgroup | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hdfgroup Hdf5 1.8.16 The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. | 8.6 |
2016-11-18 | CVE-2016-4332 | Hdfgroup | Improper Input Validation vulnerability in Hdfgroup Hdf5 1.8.16 The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. | 8.6 |
2016-11-18 | CVE-2016-4331 | Hdfgroup | Out-of-bounds Write vulnerability in Hdfgroup Hdf5 1.8.16 When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution. | 8.6 |
2016-11-18 | CVE-2016-4330 | Hdfgroup | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hdfgroup Hdf5 1.8.16 In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution. | 8.6 |
2016-11-15 | CVE-2016-0909 | EMC | Improper Input Validation vulnerability in EMC Avamar Data Store and Avamar Server Virtual Edition EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users. | 8.4 |
2016-11-15 | CVE-2016-8661 | Obdev | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Obdev Little Snitch Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. | 8.4 |
2016-11-19 | CVE-2016-9151 | Paloaltonetworks | Permissions, Privileges, and Access Controls vulnerability in Paloaltonetworks Pan-Os Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables. | 7.8 |
2016-11-16 | CVE-2016-7913 | Linux Canonical | Use After Free vulnerability in multiple products The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. | 7.8 |
2016-11-16 | CVE-2016-7912 | Linux | Use After Free vulnerability in Linux Kernel Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call. | 7.8 |
2016-11-16 | CVE-2016-7911 | Linux | Use After Free vulnerability in Linux Kernel Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call. | 7.8 |
2016-11-16 | CVE-2016-7910 | Linux | Use After Free vulnerability in Linux Kernel Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. | 7.8 |
2016-11-16 | CVE-2015-8961 | Linux | Use After Free vulnerability in Linux Kernel The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field. | 7.8 |
2016-11-19 | CVE-2016-6466 | Cisco | Resource Management Errors vulnerability in Cisco ASR 5000 Series Software and Virtualized Packet Core A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. | 7.5 |
2016-11-19 | CVE-2016-6460 | Cisco | 7PK - Security Features vulnerability in Cisco Firesight System Software A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. | 7.5 |
2016-11-19 | CVE-2016-6458 | Cisco | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. | 7.5 |
2016-11-18 | CVE-2016-8562 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). | 7.5 |
2016-11-16 | CVE-2015-8962 | Linux | Double Free vulnerability in Linux Kernel Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. | 7.3 |
2016-11-16 | CVE-2015-8963 | Linux | Use After Free vulnerability in Linux Kernel Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. | 7.0 |
20 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-11-18 | CVE-2016-8561 | Siemens | Permissions, Privileges, and Access Controls vulnerability in Siemens Simatic CP 1543-1 Firmware A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). | 6.6 |
2016-11-19 | CVE-2016-9149 | Paloaltonetworks | Data Processing Errors vulnerability in Paloaltonetworks Pan-Os The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string. | 6.5 |
2016-11-19 | CVE-2016-6457 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. | 6.5 |
2016-11-15 | CVE-2016-7165 | Siemens | Improper Access Control vulnerability in Siemens products A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). | 6.4 |
2016-11-19 | CVE-2016-6472 | Cisco | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.2) A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. | 6.1 |
2016-11-19 | CVE-2016-6461 | Cisco | Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. | 5.9 |
2016-11-17 | CVE-2016-9376 | Wireshark Debian | Resource Management Errors vulnerability in multiple products In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. | 5.9 |
2016-11-17 | CVE-2016-9375 | Wireshark Debian | Resource Management Errors vulnerability in multiple products In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. | 5.9 |
2016-11-17 | CVE-2016-9374 | Wireshark Debian | Resource Management Errors vulnerability in multiple products In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. | 5.9 |
2016-11-17 | CVE-2016-9373 | Wireshark Debian | Use After Free vulnerability in multiple products In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. | 5.9 |
2016-11-17 | CVE-2016-9372 | Wireshark | Resource Management Errors vulnerability in Wireshark 2.2.0/2.2.1 In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. | 5.9 |
2016-11-19 | CVE-2016-6459 | Cisco | OS Command Injection vulnerability in Cisco Telepresence TC Software Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. | 5.5 |
2016-11-16 | CVE-2016-7916 | Linux | Race Condition vulnerability in Linux Kernel Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. | 5.5 |
2016-11-16 | CVE-2016-7915 | Linux | Out-of-bounds Read vulnerability in Linux Kernel The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver. | 5.5 |
2016-11-16 | CVE-2016-7914 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite. | 5.5 |
2016-11-16 | CVE-2015-8964 | Linux | Information Exposure vulnerability in Linux Kernel The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure. | 5.5 |
2016-11-16 | CVE-2016-9318 | Xmlsoft Canonical | XXE vulnerability in multiple products libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. | 5.5 |
2016-11-19 | CVE-2016-6463 | Cisco | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 10.0.0082/9.7.0125/9.7.106 A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. | 5.3 |
2016-11-19 | CVE-2016-6462 | Cisco | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 10.0.0082/10.0.0125/9.7.106 A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. | 5.3 |
2016-11-16 | CVE-2016-7917 | Linux | Out-of-bounds Read vulnerability in Linux Kernel The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability. | 5.0 |
1 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-11-19 | CVE-2016-6450 | Cisco | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. | 2.5 |