SB16-326 Vulnerability Summary for the Week of November 14th 2016

11/21/2016 09:25 AM EST – Original release date: November 21, 2016
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
dotcms — dotcms SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter. 2016-11-14 7.5 CVE-2016-8902
MISC
MISC
MISC
MISC
emc — avamar_data_store EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users. 2016-11-15 7.2 CVE-2016-0909
miscellaneous
CONFIRM
exponentcms — exponent_cms In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter ‘$term’ used directly in SQL. Impact is a SQL injection. 2016-11-15 7.5 CVE-2016-9287
CONFIRM
exponentcms — exponent_cms In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter “target” of function “DragnDropReRank” is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1. 2016-11-11 7.5 CVE-2016-9288
CONFIRM
linux — linux_kernel The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field. 2016-11-16 9.3 CVE-2015-8961
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. 2016-11-16 9.3 CVE-2015-8962
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. 2016-11-16 7.6 CVE-2015-8963
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure. 2016-11-16 7.1 CVE-2015-8964
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. 2016-11-16 9.3 CVE-2016-7910
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call. 2016-11-16 9.3 CVE-2016-7911
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call. 2016-11-16 9.3 CVE-2016-7912
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. 2016-11-16 9.3 CVE-2016-7913
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite. 2016-11-16 7.1 CVE-2016-7914
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. 2016-11-16 7.1 CVE-2016-7916
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
objective_development — little_snitch Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the “OSMalloc” and “copyin” kernel API calls. 2016-11-15 7.2 CVE-2016-8661
MISC
samsung — samsung_mobile Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906. 2016-11-11 7.8 CVE-2016-9277
CONFIRM


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
7-zip — p7zip A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files. 2016-11-11 5.0 CVE-2016-9296
MISC
MISC
MISC
artifex — mujs Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct “denial of service (application crash)” attacks by using the “malformed labeled break/continue in JavaScript” approach, related to a “NULL pointer dereference” issue affecting the jscompile.c component. 2016-11-11 5.0 CVE-2016-9294
CONFIRM
CONFIRM
dotcms — dotcms SQL injection vulnerability in the “Site Browser > Templates pages” screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. 2016-11-14 6.5 CVE-2016-8903
MISC
MISC
MISC
MISC
dotcms — dotcms SQL injection vulnerability in the “Site Browser > Containers pages” screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. 2016-11-14 6.5 CVE-2016-8904
MISC
MISC
MISC
MISC
dotcms — dotcms SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. 2016-11-14 6.5 CVE-2016-8905
MISC
MISC
MISC
MISC
dotcms — dotcms SQL injection vulnerability in the “Site Browser > Links pages” screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. 2016-11-14 6.5 CVE-2016-8906
MISC
MISC
MISC
MISC
dotcms — dotcms SQL injection vulnerability in the “Content Types > Content Types” screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. 2016-11-14 6.5 CVE-2016-8907
MISC
MISC
MISC
MISC
dotcms — dotcms SQL injection vulnerability in the “Site Browser > HTML pages” screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. 2016-11-14 6.5 CVE-2016-8908
MISC
MISC
MISC
MISC
exponentcms — exponent_cms A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. 2016-11-11 6.4 CVE-2016-9272
CONFIRM
CONFIRM
CONFIRM
exponentcms — exponent_cms SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter. 2016-11-11 5.0 CVE-2016-9282
CONFIRM
exponentcms — exponent_cms SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a “sef URL” issue. 2016-11-11 5.0 CVE-2016-9283
CONFIRM
exponentcms — exponent_cms getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string. 2016-11-11 5.0 CVE-2016-9284
CONFIRM
exponentcms — exponent_cms framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an “addresses, countries, and regions” issue. 2016-11-11 5.0 CVE-2016-9285
CONFIRM
exponentcms — exponent_cms framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI. 2016-11-11 5.0 CVE-2016-9286
CONFIRM
git_for_windows_project — git_for_windows Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected. 2016-11-11 4.4 CVE-2016-9274
MISC
MISC
linux — linux_kernel The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver. 2016-11-16 4.3 CVE-2016-7915
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message’s length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability. 2016-11-16 4.3 CVE-2016-7917
CONFIRM
CONFIRM
CONFIRM
novell — open_enterprise_server_11 Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update 10991, OES11 SP2 before Scheduled Maintenance Update 10989) might allow authenticated remote attackers to perform unauthorized file access and modification. 2016-11-15 6.4 CVE-2016-5763
CONFIRM
CONFIRM
CONFIRM
CONFIRM
siemens — primary_setup_tool Unquoted Windows search path vulnerability in Siemens SIMATIC WinCC before 7.0 SP2 Upd 12, 7.0 SP3 before Upd 8, and 7.2 through 7.4; SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced before 14; SIMATIC WinCC Runtime Professional; SIMATIC WinCC (TIA Portal) Professional; SIMATIC STEP 7 5.x; SIMATIC STEP 7 (TIA Portal) before 14; SIMATIC NET PC-Software before 14; TeleControl Server Basic before 3.0 SP2; SINEMA Server before 13 SP2; SIMATIC PCS 7 through 8.2; SINEMA Remote Connect Client; SIMATIC WinAC RTX 2010 SP2; SIMATIC WinAC RTX F 2010 SP2; SIMATIC IT Production Suite; SOFTNET Security Client 5.0; SIMIT 9.0; Security Configuration Tool (SCT); and Primary Setup Tool (PST), when the installation does not use the %PROGRAMFILES% directory, might allow local users to gain privileges via a Trojan horse executable file. 2016-11-15 6.9 CVE-2016-7165
CONFIRM
wireshark — wireshark In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects. 2016-11-17 4.3 CVE-2016-9372
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings. 2016-11-17 4.3 CVE-2016-9373
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable. 2016-11-17 4.3 CVE-2016-9374
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. 2016-11-17 4.3 CVE-2016-9375
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large. 2016-11-17 4.3 CVE-2016-9376
CONFIRM
CONFIRM
CONFIRM
xmlsoft — libxml2 libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. 2016-11-15 6.8 CVE-2016-9318
MISC
MISC


Low Vulnerabilities

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
cisco — adaptive_security_appliance A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.1(6.10). Known Fixed Releases: 100.11(0.75) 100.15(0.137) 100.8(40.129) 96.2(0.95) 97.1(0.55) 97.1(12.7) 97.1(6.30). 2016-11-18 not yet calculated CVE-2016-6461
CONFIRM
cisco — asr_5000_series_routers A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the following Cisco products: Cisco ASR 5000/5500 Series routers, Cisco Virtualized Packet Core (VPC). More Information: CSCva13631. Known Affected Releases: 20.0.0 20.1.0 20.2.0 20.2.3 20.2.v1 21.0.0 21.0.M0.64246. Known Fixed Releases: 20.2.3 20.2.3.65026 20.2.a4.65307 20.2.v1 20.2.v1.65353 20.3.M0.65037 20.3.T0.65043 21.0.0 21.0.0.65256 21.0.M0.64595 21.0.M0.64860 21.0.M0.65140 21.0.V0.65052 21.0.V0.65150 21.0.V0.65366 21.0.VC0.64639 21.1.A0.64861 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.64898 21.1.VC0.65203 21.2.A0.65147. 2016-11-18 not yet calculated CVE-2016-6466
CONFIRM
cisco — email_security_appliance A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to use a content filter for email attachments that are protected or encrypted. More Information: CSCva52546. Known Affected Releases: 10.0.0-125 9.7.1-066. 2016-11-18 not yet calculated CVE-2016-6458
CONFIRM
cisco — email_security_appliance A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuz85823. Known Affected Releases: 10.0.0-082 9.7.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131. 2016-11-18 not yet calculated CVE-2016-6463
CONFIRM
cisco — email_security_appliance A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCva13456. Known Affected Releases: 10.0.0-082 10.0.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131. 2016-11-18 not yet calculated CVE-2016-6462
CONFIRM
cisco — firepower_system_software A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0. 2016-11-18 not yet calculated CVE-2016-6460
CONFIRM
cisco — ios_xe_software A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29). 2016-11-18 not yet calculated CVE-2016-6450
CONFIRM
cisco — nexus_9000_series A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability affects Cisco Nexus 9000 Series Leaf Switches (TOR) – ACI Mode and Cisco Application Policy Infrastructure Controller (APIC). More Information: CSCuy93241. Known Affected Releases: 11.2(2x) 11.2(3x) 11.3(1x) 11.3(2x) 12.0(1x). Known Fixed Releases: 11.2(2i) 11.2(2j) 11.2(3f) 11.2(3g) 11.2(3h) 11.2(3l) 11.3(0.236) 11.3(1j) 11.3(2i) 11.3(2j) 12.0(1r). 2016-11-18 not yet calculated CVE-2016-6457
CONFIRM
cisco — telepresence Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0. 2016-11-18 not yet calculated CVE-2016-6459
CONFIRM
cisco — unified_communication_manager A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known Affected Releases: 11.5(1.2). Known Fixed Releases: 11.5(1.11950.96) 11.5(1.12900.2) 12.0(0.98000.133) 12.0(0.98000.313) 12.0(0.98000.404). 2016-11-18 not yet calculated CVE-2016-6472
CONFIRM
hdf5 — hdf5 In the HDF5 1.8.16 library’s failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution. 2016-11-18 not yet calculated CVE-2016-4330
MISC
hdf5 — hdf5 The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop’s terminator. Due to this, an aggressor can cause the loop’s index to point outside the bounds of the array when initializing it. 2016-11-18 not yet calculated CVE-2016-4333
MISC
hdf5 — hdf5 The library’s failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren’t supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library. 2016-11-18 not yet calculated CVE-2016-4332
MISC
hdf5 — hdf5 When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution. 2016-11-18 not yet calculated CVE-2016-4331
MISC
palo_alto_networks — pan-os Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors. 2016-11-19 not yet calculated CVE-2016-9150
CONFIRM
palo_alto_networks — pan-os Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables. 2016-11-19 not yet calculated CVE-2016-9151
CONFIRM
palo_alto_networks — pan-os The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string. 2016-11-19 not yet calculated CVE-2016-9149
CONFIRM
siemens — simatic_cp Siemens SIMATIC CP 1543-1 before 2.0.28 allows remote authenticated users to gain privileges by leveraging certain TIA-Portal access and project-data access. 2016-11-18 not yet calculated CVE-2016-8561
CONFIRM
siemens — simatic_cp Siemens SIMATIC CP 1543-1 before 2.0.28, when SNMPv3 write access or SNMPv1 is enabled, allows remote authenticated users to cause a denial of service by modifying SNMP variables. 2016-11-18 not yet calculated CVE-2016-8562
CONFIRM
Click here for reuse options!
Copyright 2016 ECI Networks