
List:       patchmanagement
Subject:    [patchmanagement] US-CERT: Bulletin (SB16-242) Vulnerability Summary for the Week of August 22, 2016
From:       Phantom of the Mobile PhotM <phantom.of.the.mobile () live ! com>
Date:       2016-08-29 15:43:37
Message-ID: BAY175-W112A8C2B895B507D8B24C99CE10 () phx ! gbl

https://www.us-cert.gov/ncas/bulletins/SB16-242


National Cyber Awareness System: SB16-242: Vulnerability Summary for the Week of August 22, 2016
08/29/2016 06:25 AM EDT
Original release date: August 29, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have
been recorded by the National Institute of Standards and Technology (NIST) National
Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department
of Homeland Security (DHS) National Cybersecurity and Communications Integration
Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For
modified or updated entries, please visit the NVD, which contains historical
vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized
according to severity, determined by the Common Vulnerability Scoring System (CVSS)
standard. The division of high, medium, and low severities corresponds to the following
scores:

  - High - Vulnerabilities will be labeled High severity if they have a CVSS base score
    of 7.0 - 10.0
  - Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base
    score of 4.0 - 6.9
  - Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of
    0.0 - 3.9

Entries may include additional information provided by organizations and efforts
sponsored by US-CERT. This information may include identifying information, values,
definitions, and related links. Patch information is provided when available. Please
note that some of the information in the bulletins is compiled from external, open
source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities
====================

Each entry lists: Primary Vendor -- Product; Description; Published; CVSS Score;
Source & Patch Info.

apple -- iphone_os
    The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive
    information from memory via a crafted app.
    Published: 2016-08-25   CVSS: 7.1   CVE-2016-4655   Source & Patch Info: APPLE, CONFIRM

apple -- iphone_os
    The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a
    privileged context or cause a denial of service (memory corruption) via a crafted
    app.
    Published: 2016-08-25   CVSS: 9.3   CVE-2016-4656   Source & Patch Info: APPLE, CONFIRM

brocade -- fabric_os
    HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote
    attackers to obtain sensitive information via unspecified vectors.
    Published: 2016-08-22   CVSS: 7.8   CVE-2016-4376   Source & Patch Info: CONFIRM

cisco -- ip_phone_8800_series_firmware
    Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a
    denial of service (memory corruption) via a crafted HTTP request, aka Bug ID
    CSCuz03038.
    Published: 2016-08-22   CVSS: 7.8   CVE-2016-1479   Source & Patch Info: CISCO

cisco -- ios_xr
    Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x
    through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of
    service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID
    CSCux26791.
    Published: 2016-08-22   CVSS: 7.8   CVE-2016-6355   Source & Patch Info: CISCO

cisco -- aironet_access_point_software
    Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x
    before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via
    crafted CLI parameters, aka Bug ID CSCuz24725.
    Published: 2016-08-22   CVSS: 7.2   CVE-2016-6362   Source & Patch Info: CISCO

cisco -- anyconnect_secure_mobility_client
    Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039
    mishandles pathnames, which allows local users to gain privileges via a crafted INF
    file, aka Bug ID CSCuz92464.
    Published: 2016-08-25   CVSS: 7.2   CVE-2016-6369   Source & Patch Info: CISCO

citrix -- xenapp
    Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before
    7.9 might allow attackers to weaken an unspecified security mitigation via vectors
    related to memory permission.
    Published: 2016-08-19   CVSS: 7.5   CVE-2016-6493   Source & Patch Info: CONFIRM, BID, SECTRACK

d-link -- dir-822_firmware
    Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before
    2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before
    3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04,
    DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07
    before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before
    3.00WWb01 devices allows remote attackers to execute arbitrary code via a long
    session cookie.
    Published: 2016-08-25   CVSS: 9.3   CVE-2016-5681   Source & Patch Info: CONFIRM, CERT-VN

dbd-mysql_project -- dbd-mysql
    Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a
    denial of service (program crash) or possibly execute arbitrary code via vectors
    related to a lost server connection.
    Published: 2016-08-19   CVSS: 10.0   CVE-2014-9906   Source & Patch Info: CONFIRM, DEBIAN, MLIST, MLIST, CONFIRM, CONFIRM

dbd-mysql_project -- dbd-mysql
    Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01
    allows attackers to have unspecified impact by leveraging a call to mysql_errno after
    a failure of my_login.
    Published: 2016-08-19   CVSS: 10.0   CVE-2015-8949   Source & Patch Info: DEBIAN, MLIST, MLIST, MISC, CONFIRM, CONFIRM, CONFIRM

f5 -- big-ip_access_policy_manager
    The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link
    Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before
    11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before
    11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM and PEM 11.3.x, 11.4.x before 11.4.1
    HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP Edge Gateway,
    WebAccelerator, and WOM 11.x before 11.2.1 HF16 and 11.3.0; and BIG-IP PSM 11.x
    before 11.2.1 HF16, 11.3.x, and 11.4.x before 11.4.1 HF10 allows remote authenticated
    users with certain permissions to gain privileges by leveraging an Access Policy
    Manager customization configuration section that allows file uploads.
    Published: 2016-08-19   CVSS: 8.5   CVE-2015-8022   Source & Patch Info: SECTRACK, CONFIRM

fortinet -- fortios
    Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x
    before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote
    attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
    Published: 2016-08-24   CVSS: 10.0   CVE-2016-6909   Source & Patch Info: CONFIRM, MISC, BID, SECTRACK, MISC, EXPLOIT-DB

hp -- converged_infrastructure_solution_sizer_suite
    HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure
    Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight
    Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool
    before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1,
    Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange
    Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for
    Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before
    16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows
    remote attackers to execute arbitrary code via unspecified vectors.
    Published: 2016-08-22   CVSS: 7.6   CVE-2016-4377   Source & Patch Info: CONFIRM

moxa -- oncell_g3001_firmware
    Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices
    before 1.7 do not properly restrict authentication attempts, which makes it easier
    for remote attackers to obtain access via a brute-force attack.
    Published: 2016-08-23   CVSS: 10.0   CVE-2016-5799   Source & Patch Info: MISC

navis -- webaccess
    SQL injection vulnerability in news pages in Cargotec Navis WebAccess before
    2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified
    vectors.
    Published: 2016-08-22   CVSS: 7.5   CVE-2016-5817   Source & Patch Info: MISC

rockwellautomation -- 1766-l32awa
    Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB,
    1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community,
    which makes it easier for remote attackers to load arbitrary firmware updates by
    leveraging knowledge of this community.
    Published: 2016-08-23   CVSS: 7.5   CVE-2016-5645   Source & Patch Info: MISC

watchguard -- rapidstream
    WatchGuard RapidStream appliances allow local users to gain privileges and execute
    arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN.
    Published: 2016-08-24   CVSS: 7.2   CVE-2016-7089   Source & Patch Info: MISC, EXPLOIT-DB, MISC

zmodo -- zp-ibh-13w
    ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it
    easier for remote attackers to obtain access via a TELNET session.
    Published: 2016-08-23   CVSS: 10.0   CVE-2016-5081   Source & Patch Info: CERT-VN

Medium Vulnerabilities
======================

Each entry lists: Primary Vendor -- Product; Description; Published; CVSS Score;
Source & Patch Info.

apache -- sentry
    Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow
    remote authenticated users to execute arbitrary code via the (1) reflect, (2)
    reflect2, or (3) java_method Hive builtin functions.
    Published: 2016-08-19   CVSS: 6.5   CVE-2016-0760   Source & Patch Info: MLIST, BID

apache -- openmeetings
    Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings
    before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the
    swf parameter.
    Published: 2016-08-19   CVSS: 4.3   CVE-2016-3089   Source & Patch Info: CONFIRM, BUGTRAQ, CONFIRM

apple -- iphone_os
    WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or
    cause a denial of service (memory corruption) via a crafted web site.
    Published: 2016-08-25   CVSS: 6.8   CVE-2016-4657   Source & Patch Info: APPLE, CONFIRM

cisco -- connected_streaming_analytics
    Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to
    discover a notification service password by reading administrative pages, aka Bug ID
    CSCuz92891.
    Published: 2016-08-22   CVSS: 4.0   CVE-2016-1477   Source & Patch Info: CISCO

cisco -- webex_meetings_server
    Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access
    restrictions and obtain sensitive application information via unspecified vectors,
    aka Bug ID CSCuy92724.
    Published: 2016-08-22   CVSS: 5.0   CVE-2016-1484   Source & Patch Info: CISCO

cisco -- identity_services_engine_software
    Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876)
    allows remote attackers to inject arbitrary web script or HTML via crafted
    parameters, aka Bug ID CSCva46497.
    Published: 2016-08-22   CVSS: 4.3   CVE-2016-1485   Source & Patch Info: CISCO

cisco -- transport_gateway_installation_software
    Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation
    Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote
    attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs
    CSCva40650 and CSCva40817.
    Published: 2016-08-22   CVSS: 4.3   CVE-2016-6359   Source & Patch Info: CISCO

cisco -- aironet_access_point_software
    The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800,
    2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0
    allows remote attackers to cause a denial of service (device reload) via a crafted
    AMPDU header, aka Bug ID CSCuz56288.
    Published: 2016-08-22   CVSS: 6.1   CVE-2016-6361   Source & Patch Info: CISCO

cisco -- aironet_access_point_software
    The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800,
    2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0
    allows remote attackers to cause a denial of service (device reload) via crafted
    802.11 frames, aka Bug ID CSCva06192.
    Published: 2016-08-22   CVSS: 6.1   CVE-2016-6363   Source & Patch Info: CISCO

cisco -- unified_communications_manager
    The User Data Services (UDS) API implementation in Cisco Unified Communications
    Manager 11.5 allows remote attackers to bypass intended access restrictions and
    obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.
    Published: 2016-08-22   CVSS: 5.0   CVE-2016-6364   Source & Patch Info: CISCO

cisco -- firepower_management_center
    Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3,
    5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary
    web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518.
    Published: 2016-08-22   CVSS: 4.3   CVE-2016-6365   Source & Patch Info: CISCO

collectd -- collectd
    Heap-based buffer overflow in the parse_packet function in network.c in collectd
    before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of
    service (daemon crash) or possibly execute arbitrary code via a crafted network
    packet.
    Published: 2016-08-19   CVSS: 6.4   CVE-2016-6254   Source & Patch Info: CONFIRM, DEBIAN, CONFIRM

emc -- authentication_manager_prime_self-service
    The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0
    and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of
    service (PIN change for an arbitrary user) via a modified token serial number within
    a PIN change request, related to a "direct object reference vulnerability."
    Published: 2016-08-22   CVSS: 5.5   CVE-2016-0915   Source & Patch Info: BUGTRAQ

f5 -- big-ip_access_policy_manager
    The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1
    HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4 HF2, 1.6.x before
    11.6.1, and 12.0.0 before HF1 allows remote administrators to read Access Policy
    Manager (APM) access logs via unspecified vectors.
    Published: 2016-08-26   CVSS: 4.0   CVE-2016-1497   Source & Patch Info: SECTRACK, CONFIRM

f5 -- big-ip_access_policy_manager
    Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through
    HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with
    a TCP profile, allow remote attackers to cause a denial of service (Traffic
    Management Microkernel restart) via crafted network traffic.
    Published: 2016-08-26   CVSS: 5.0   CVE-2016-5023   Source & Patch Info: SECTRACK, CONFIRM

f5 -- big-ip_access_policy_manager
    The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM,
    Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before
    11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and
    PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0
    HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM
    11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2,
    and 11.6.x before 11.6.1; and BIG-IP PSM 11.4.0 through 11.4.1 improperly enables the
    anonymous IPsec IKE peer configuration object, which allows remote attackers to
    establish an IKE Phase 1 negotiation and possibly conduct brute-force attacks against
    Phase 2 negotiations via unspecified vectors.
    Published: 2016-08-19   CVSS: 5.0   CVE-2016-5736   Source & Patch Info: SECTRACK, CONFIRM

fortinet -- fortianalyzer_firmware
    Cross-site scripting (XSS) vulnerability in the address added page in Fortinet
    FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before
    5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script
    or HTML via unspecified vectors.
    Published: 2016-08-19   CVSS: 4.3   CVE-2016-3194   Source & Patch Info: CONFIRM

fortinet -- fortianalyzer_firmware
    Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x
    before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x
    before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via
    unspecified vectors.
    Published: 2016-08-19   CVSS: 4.3   CVE-2016-3195   Source & Patch Info: CONFIRM

kaspersky -- safe_browser
    Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL
    servers, which allows man-in-the-middle attackers to obtain sensitive information via
    a crafted certificate.
    Published: 2016-08-25   CVSS: 4.3   CVE-2016-6231   Source & Patch Info: FULLDISC, MISC, BUGTRAQ, CONFIRM

redhat -- cloudforms
    The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute
    arbitrary code via vectors involving "Lack of field filters."
    Published: 2016-08-26   CVSS: 6.5   CVE-2016-5383   Source & Patch Info: REDHAT, BID

roundcube -- webmail
    Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5
    allows remote attackers to hijack the authentication of users for requests that
    download attachments and cause a denial of service (disk consumption) via unspecified
    vectors.
    Published: 2016-08-25   CVSS: 6.8   CVE-2016-4069   Source & Patch Info: SUSE, MLIST, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

theforeman -- foreman
    The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x
    before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass
    organization and location restrictions and read or modify data for an arbitrary
    organization by leveraging knowledge of the id of that organization.
    Published: 2016-08-19   CVSS: 6.0   CVE-2016-4451   Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

theforeman -- foreman
    The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and
    1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and
    location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations
Best Regards,

Crysta

PhotM
---
PatchManagement.org is hosted by Shavlik

The content on the email list is intended for assisting administrators.  If you would \
like to use any of this content in a blog or media publication, please contact the \
owners of the list for approval.

To unsubscribe send a blank email to leave-patchmanagement@patchmanagement.org
If you are unable to unsubscribe via this email address, please email
owner-patchmanagement@patchmanagement.org

