SB16-158: Vulnerability Summary for the Week of May 30, 2016

Title: SB16-158: Vulnerability Summary for the Week of May 30, 2016

U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:

06/06/2016 06:16 AM EDT

Original release date: June 06, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
adobe -- connect	Untrusted search path vulnerability in the add-in installer in Adobe Connect before 9.5.3 on Windows allows local users to gain privileges via unspecified vectors.	2016年05月29日	7.2	CVE-2016-4118 CONFIRM
apache -- pdfbox	Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.	2016年06月01日	7.5	CVE-2016-2175 BUGTRAQ CONFIRM CONFIRM MLIST
apache -- activemq	The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.	2016年06月01日	7.5	CVE-2016-3088 MISC MISC SECTRACK CONFIRM
cisco -- network_analysis_module	Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882.	2016年06月02日	7.5	CVE-2016-1388 CISCO
hp -- release_control	The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.	2016年05月29日	10.0	CVE-2016-1999 HP
irz -- ruh2	iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.	2016年05月29日	7.5	CVE-2016-2309 MISC
moxa -- edr_g903_firmware	Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.	2016年05月30日	7.8	CVE-2016-0877 MISC
moxa -- edr_g903_firmware	Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests.	2016年05月30日	7.8	CVE-2016-0878 MISC
moxa -- edr_g903_firmware	Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.	2016年05月30日	7.8	CVE-2016-0879 MISC
resource_data_management -- intuitive_650_tdb_controller	Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors.	2016年05月30日	9.0	CVE-2016-4505 MISC
sixnet -- bt-5_series_cellular_router_firmware	Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors.	2016年05月30日	10.0	CVE-2016-4521 MISC

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
apache -- qpid_java	PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.	2016年06月01日	4.3	CVE-2016-3094 CONFIRM CONFIRM BUGTRAQ CONFIRM MLIST
apache -- qpid_java	The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.	2016年06月01日	5.0	CVE-2016-4432 CONFIRM CONFIRM CONFIRM BUGTRAQ MLIST
blackbox -- alertwerks_servsensor_contact_firmware	Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors.	2016年05月29日	4.0	CVE-2016-2311 MISC
cisco -- network_analysis_module_software	Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324.	2016年06月02日	5.0	CVE-2016-1370 CISCO
cisco -- adaptive_security_appliance_software	Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID CSCuv70576.	2016年05月27日	6.8	CVE-2016-1379 CISCO
cisco -- ucs_invicta_c3124sa_appliance	Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504.	2016年05月29日	5.0	CVE-2016-1404 CISCO
cisco -- webex_meeting_center	Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.	2016年05月27日	5.0	CVE-2016-1410 CISCO
cisco -- firepower_management_center	The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.	2016年05月27日	4.0	CVE-2016-1413 CISCO
cisco -- esc_8832_data_controller	Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors.	2016年05月30日	6.4	CVE-2016-4501 MISC
cisco -- esc_8832_data_controller	Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter.	2016年05月30日	5.0	CVE-2016-4502 MISC
citrix -- xenapp	Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.	2016年06月01日	5.0	CVE-2016-4810 CONFIRM
citrix -- netscaler_gateway_11.0_firmware	Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie.	2016年06月01日	4.3	CVE-2016-4945 BUGTRAQ CONFIRM MISC MISC
emc -- isilon_onefs	EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115.	2016年05月29日	4.3	CVE-2016-0907 BUGTRAQ
gnome -- gdk-pixbuf	Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.	2016年06月01日	6.8	CVE-2015-8875 CONFIRM MLIST MLIST MLIST DEBIAN
gnu -- glibc	Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.	2016年06月01日	5.0	CVE-2016-1234 CONFIRM CONFIRM MLIST FEDORA
gnu -- glibc	Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.	2016年06月01日	5.0	CVE-2016-3075 CONFIRM CONFIRM UBUNTU FEDORA
hp -- service_manager	HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.	2016年05月29日	5.0	CVE-2016-2025 HP
ibm -- security_appscan	IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	2016年06月01日	4.0	CVE-2016-0288 CONFIRM
moxa -- edr_g903_firmware	Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.	2016年05月30日	5.0	CVE-2016-0875 MISC
moxa -- edr_g903_firmware	Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.	2016年05月30日	5.0	CVE-2016-0876 MISC
moxa -- miineport_e1_4641_firmware	Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users.	2016年05月30日	6.8	CVE-2016-2285 MISC
moxa -- miineport_e1_4641_firmware	Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors.	2016年05月30日	5.0	CVE-2016-2286 MISC
moxa -- miineport_e1_4641_firmware	Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file.	2016年05月30日	5.0	CVE-2016-2295 MISC
moxa -- uc-7408_lx-plus	Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access.	2016年06月01日	4.9	CVE-2016-4500 MISC
qemu -- qemu	The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local OS guest administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.	2016年06月01日	4.6	CVE-2016-4453 MLIST CONFIRM MLIST
qemu -- qemu	Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local OS guest users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.	2016年06月01日	4.6	CVE-2016-5126 MLIST CONFIRM MLIST MLIST CONFIRM
resource_data_management -- intuitive_650_tdb_controller	Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users.	2016年05月30日	6.0	CVE-2016-4506 MISC
sensiolabs -- symfony	The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.	2016年06月01日	5.0	CVE-2016-1902 CONFIRM MISC DEBIAN CONFIRM
sensiolabs -- symfony	The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.	2016年06月01日	5.0	CVE-2016-4423 CONFIRM CONFIRM DEBIAN
siemens -- siprotec_firmware	The integrated web server in the EN100 Ethernet module before 4.27 on Siemens SIPROTEC 4 and SIPROTEC Compact devices, and the Ethernet Service Interface on SIPROTEC Compact devices, allows remote attackers to obtain sensitive information via an HTTP request.	2016年05月30日	5.0	CVE-2016-4784 MISC CONFIRM
siemens -- siprotec_firmware	The integrated web server in the EN100 Ethernet module before 4.27 on Siemens SIPROTEC 4 and SIPROTEC Compact devices allows remote attackers to obtain sensitive information from device memory via an HTTP request.	2016年05月30日	5.0	CVE-2016-4785 MISC CONFIRM

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
docker -- docker	libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.	2016年06月01日	2.1	CVE-2016-3697 CONFIRM CONFIRM CONFIRM CONFIRM REDHAT SUSE
dosfstools_project -- dosfstools	The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."	2016年06月03日	2.1	CVE-2015-8872 CONFIRM CONFIRM CONFIRM MISC UBUNTU SUSE
dosfstools_project -- dosfstools	The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.	2016年06月03日	2.1	CVE-2016-4804 CONFIRM CONFIRM MISC CONFIRM UBUNTU SUSE
hp -- restful_interface_tool	HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.	2016年05月29日	2.1	CVE-2016-2023 HP
qemu -- qemu	The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local OS guest administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.	2016年06月01日	3.2	CVE-2016-4454 MLIST CONFIRM MLIST

Severity Not Yet Assigned

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
ansible -- lxc_container	The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.	2016年06月03日	Not Yet Calculated	CVE-2016-3096 MLIST MLIST CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM FEDORA FEDORA FEDORA FEDORA FEDORA
cisco -- network_analysis_module	CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.	2016年06月04日	Not Yet Calculated	CVE-2016-1403 CISCO
cisco -- network_analysis_module	Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892.	2016年06月03日	Not Yet Calculated	CVE-2016-1390 CISCO
cisco -- network_analysis_module	Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889.	2016年06月03日	Not Yet Calculated	CVE-2016-1391 CISCO
cisco -- network_analysis_module	The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.	2016年05月29日	Not Yet Calculated	CVE-2016-1409 CISCO
emc_isilon -- onefs_7.1	EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.	2016年06月03日	Not Yet Calculated	CVE-2016-0908 BUGTRAQ
epoch -- web_mailing_list_0.321	Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2016年06月04日	Not Yet Calculated	CVE-2016-1211 CONFIRM JVNDB JVN
futomi -- mp_form_mail_cgi_3.2.3	Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.	2016年06月04日	Not Yet Calculated	CVE-2016-1212 CONFIRM JVNDB JVN
humhub -- 0.20.0_beta1	Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	2016年06月04日	Not Yet Calculated	CVE-2016-1229 CONFIRM JVNDB JVN
imagemagick -- magickcore/draw.c	The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.	2016年06月04日	Not Yet Calculated	CVE-2016-4562 CONFIRM CONFIRM
imagemagick -- magickcore/draw.c	The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.	2016年06月04日	Not Yet Calculated	CVE-2016-4564 CONFIRM CONFIRM
imagemagick -- magickcore/draw.c	The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.	2016年06月04日	Not Yet Calculated	CVE-2016-4563 CONFIRM CONFIRM
java -- ibm_sdk	The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.	2016年06月03日	Not Yet Calculated	CVE-2016-0363 MISC CONFIRM AIXAPAR FULLDISC FULLDISC REDHAT REDHAT SUSE SUSE SUSE SUSE SUSE
java -- ibm_sdk	The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.	2016年06月03日	Not Yet Calculated	CVE-2016-0376 BUGTRAQ MISC CONFIRM AIXAPAR FULLDISC REDHAT REDHAT SUSE SUSE SUSE SUSE SUSE
kobe_beauty -- php-contact_form	Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016年05月18日 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.	2016年06月04日	Not Yet Calculated	CVE-2016-1222 CONFIRM CONFIRM JVNDB JVN
lenovo -- updateagent	UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.	2016年06月03日	Not Yet Calculated	CVE-2016-3944 CONFIRM MISC
ntt_pc -- webarena_formail	Cross-site scripting (XSS) vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2016年06月04日	Not Yet Calculated	CVE-2016-1230 CONFIRM CONFIRM CONFIRM JVNDB JVN
wordpress -- save_improved_plugin	Cross-site scripting (XSS) vulnerability in the Markdown on Save Improved plugin before 2.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2016年06月04日	Not Yet Calculated	CVE-2016-4812 CONFIRM JVNDB JVN

This product is provided subject to this Notification and this Privacy & Use policy.

A copy of this publication is available at www.us-cert.gov. If you need help or have questions, please send an email to info@xxxxxxxxxxx. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT@xxxxxxxxxxxxxxxx to your address book.

OTHER RESOURCES:

STAY CONNECTED:

SUBSCRIBER SERVICES:
Manage Preferences | Unsubscribe | Help

This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (888) 282-0870 Powered by GovDelivery