Vulnerability Summary for the Week of October 31, 2016

Please Note:

• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.

• The CVE identity number is the publicly known ID given to a particular vulnerability, so you can look up the status of that vulnerability using that ID.

• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

| Primary Vendor -- Product | Description | Date Published | CVSS Score | CVE Identity |
|---|---|---|---|---|
| adobe -- flash_player | Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. | 2016-11-01 | 10.0 | CVE-2016-7855 (MS, CONFIRM, MISC) |
| alienvault -- open_source_security_information_and_event_management | PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes. | 2016-10-28 | 7.5 | CVE-2016-8580 (CONFIRM) |
| alienvault -- open_source_security_information_and_event_management | A vulnerability exists in gauge. of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve information or read local system files via MySQL's LOAD_FILE. | 2016-10-28 | 7.5 | CVE-2016-8582 (CONFIRM) |
| artifex -- mujs | A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition. | 2016-10-28 | 7.5 | CVE-2016-7504 (CONFIRM) |
| artifex -- mujs | A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc. MuJS before 8c805b4eb19cf2af689c860b77e6111d2ee439d5. A successful exploitation of this issue can lead to code execution or denial of service condition. | 2016-10-28 | 7.5 | CVE-2016-7505 (CONFIRM) |
| brocade -- netiron_os | A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets. | 2016-10-31 | 7.8 | CVE-2016-8203 (CONFIRM) |
| cisco -- ios_xe | A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. This vulnerability affects Cisco ASR 900 Series Aggregation Services Routers (ASR902, ASR903, and ASR907) that are running the following releases of Cisco IOS XE Software: 3.17.0S 3.17.1S 3.17.2S 3.18.0S 3.18.1S. More Information: CSCuy15175. Known Affected Releases: 15.6(1)S 15.6(2)S. Known Fixed Releases: 15.6(1)S2.12 15.6(1.17)S0.41 15.6(1.17)SP 15.6(2)SP 16.4(0.183) 16.5(0.10). | 2016-11-03 | 10.0 | CVE-2016-6441 (CONFIRM) |
| cisco -- meeting_app | A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0. | 2016-11-03 | 7.5 | CVE-2016-6447 (CONFIRM) |
| cisco -- meeting_server | A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to Release 2.0.3, Acano Server releases 1.9.x prior to Release 1.9.5, Acano Server releases 1.8.x prior to Release 1.8.17. More Information: CSCva76004. Known Affected Releases: 1.8.x 1.92.0. | 2016-11-03 | 7.5 | CVE-2016-6448 (CONFIRM) |
| cisco -- prime_home | A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are not vulnerable. More Information: CSCvb71732. Known Affected Releases: 5.0 5.0(1) 5.0(1.1) 5.0(1.2) 5.0(2) 5.15.1(0) 5.1(1) 5.1(1.3) 5.1(1.4) 5.1(1.5) 5.1(1.6) 5.1(2) 5.1(2.1) 5.1(2.3) 5.25.2(0.1) 5.2(1.0) 5.2(1.2) 5.2(2.0) 5.2(2.1) 5.2(2.2). | 2016-11-03 | 10.0 | CVE-2016-6452 (CONFIRM) |
| exponentcms -- exponent_cms | Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. | 2016-11-03 | 7.5 | CVE-2016-7095 (CONFIRM) |
| exponentcms -- exponent_cms | The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection. | 2016-11-03 | 7.5 | CVE-2016-7453 (CONFIRM) |
| google -- android | On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542. | 2016-10-31 | 7.8 | CVE-2016-7988 (CONFIRM) |
| google -- android | On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542. | 2016-10-31 | 7.8 | CVE-2016-7989 (CONFIRM) |
| google -- android | On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542. | 2016-10-31 | 10.0 | CVE-2016-7990 (CONFIRM) |
| google -- android | On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542. | 2016-10-31 | 7.8 | CVE-2016-7991 (CONFIRM) |
| hp -- system_management_homepage | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | 2016-10-28 | 7.8 | CVE-2016-4395 (miscellaneous, CONFIRM, miscellaneous) |
| hp -- system_management_homepage | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | 2016-10-28 | 7.8 | CVE-2016-4396 (miscellaneous, CONFIRM, miscellaneous) |
| libcsp_project -- libcsp | Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet. | 2016-10-28 | 7.5 | CVE-2016-8596 (MISC) |
| libcsp_project -- libcsp | Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets. | 2016-10-28 | 7.5 | CVE-2016-8597 (MISC) |
| libcsp_project -- libcsp | Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet. | 2016-10-28 | 7.5 | CVE-2016-8598 (MISC) |
| microfocus -- rumba | Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code. | 2016-11-03 | 7.5 | CVE-2016-9176 (MISC) |
| pivotal_software -- redis | A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution. | 2016-10-28 | 7.5 | CVE-2016-8339 (MISC, MISC) |
| samsung -- samsung_mobile | A vulnerability on Samsung Mobile L(5.0/5.1) and M(6.0) devices with the Exynos7420 chipset exists because of a NULL pointer dereference in the fimg2d driver. The patch (aka "SVE-2016-6248: SystemUI Security issue") verifies if the object is null before dereferencing it. | 2016-11-03 | 7.8 | CVE-2016-7160 (CONFIRM) |
| square -- git-fastclone | git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone, they could exploit this. The ext command will be run if the repository is recursively cloned or if submodules are updated. This attack works when cloning both local and remote repositories. | 2016-11-03 | 9.3 | CVE-2015-8968 (MISC, MISC) |
| square -- git-fastclone | git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library. | 2016-11-03 | 10.0 | CVE-2015-8969 (MISC, MISC) |
| sybase -- adaptive_server_enterprise | SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection. | 2016-11-03 | 7.5 | CVE-2016-7402 (MISC) |

Medium Severity Vulnerabilities

| Primary Vendor -- Product | Description | Date Published | CVSS Score | CVE Identity |
|---|---|---|---|---|
| alienvault -- open_source_security_information_and_event_management | A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator. | 2016-10-28 | 4.3 | CVE-2016-8581 (CONFIRM) |
| alienvault -- open_source_security_information_and_event_management | Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS. | 2016-10-28 | 4.3 | CVE-2016-8583 (CONFIRM) |
| artifex -- mujs | An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue can lead to code execution or denial of service condition. | 2016-10-28 | 5.0 | CVE-2016-7506 (CONFIRM) |
| artifex -- mujs | Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approach, related to an "Out-of-Bounds read" issue affecting the jsC_dumpfunction function in the jsdump.c component. | 2016-10-28 | 5.0 | CVE-2016-9017 (CONFIRM) |
| artifex -- mujs | Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the "crafted JavaScript" approach, related to a "Buffer Over-read" issue. | 2016-11-03 | 5.0 | CVE-2016-9136 (CONFIRM) |
| cisco -- ip_interoperability_and_collaboration_system | A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. More Information: CSCva47092. Known Affected Releases: 4.10(1). | 2016-11-03 | 4.3 | CVE-2016-6429 (CONFIRM) |
| cisco -- ip_interoperability_and_collaboration_system | A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1). | 2016-11-03 | 6.6 | CVE-2016-6430 (CONFIRM) |
| cisco -- prime_collaboration_provisioning | Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCut43061 CSCut43066 CSCut43736 CSCut43738 CSCut43741 CSCut43745 CSCut43748 CSCut43751 CSCut43756 CSCut43759 CSCut43764 CSCut43766. Known Affected Releases: 10.6. | 2016-11-03 | 4.3 | CVE-2016-6451 (CONFIRM) |
| cisco -- identity_services_engine | A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876). | 2016-11-03 | 4.9 | CVE-2016-6453 (CONFIRM) |
| cisco -- hosted_collaboration_mediation_fulfillment | A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(0.98000.216). | 2016-11-03 | 4.3 | CVE-2016-6454 (CONFIRM) |
| cisco -- asr_5000_software | A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. This vulnerability affects Cisco ASR 5500 devices with Data Processing Card 2 (DPC2) running StarOS 18.0 or later. More Information: CSCvb12081. Known Affected Releases: 18.7.4 19.5.0 20.0.2.64048 20.2.3 21.0.0. Known Fixed Releases: 18.7.4 18.7.4.65030 18.8.M0.65044 19.5.0 19.5.0.65092 19.5.M0.65023 19.5.M0.65050 20.2.3 20.2.3.64982 20.2.3.65017 20.2.a4.65307 20.3.M0.64984 20.3.M0.65029 20.3.M0.65037 20.3.M0.65071 20.3.T0.64985 20.3.T0.65031 20.3.T0.65043 20.3.T0.65067 21.0.0 21.0.0.65256 21.0.M0.64922 21.0.M0.64983 21.0.M0.65140 21.0.V0.65150 21.1.A0.64932 21.1.A0.64987 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.65203 21.2.A0.65147. | 2016-11-03 | 5.0 | CVE-2016-6455 (CONFIRM) |
| citrix -- netscaler_application_delivery_controller_firmware | Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header. | 2016-10-28 | 5.8 | CVE-2016-9028 (CONFIRM) |
| docker -- docker | Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes. | 2016-10-28 | 5.0 | CVE-2016-8867 (CONFIRM) |
| dokuwiki -- dokuwiki | The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16. | 2016-10-31 | 4.3 | CVE-2016-7964 (CONFIRM) |
| dokuwiki -- dokuwiki | DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server). | 2016-10-31 | 4.3 | CVE-2016-7965 (CONFIRM) |
| dotcms -- dotcms | In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later. | 2016-10-28 | 5.0 | CVE-2016-8600 (MISC, CONFIRM, MISC) |
| exponentcms -- exponent_cms | The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | 2016-11-03 | 5.0 | CVE-2016-7452 (CONFIRM) |
| exponentcms -- exponent_cms | Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure. | 2016-11-03 | 5.0 | CVE-2016-9134 (CONFIRM, CONFIRM) |
| exponentcms -- exponent_cms | Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure. | 2016-11-03 | 5.0 | CVE-2016-9135 (CONFIRM) |
| exponentcms -- exponent_cms | Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized method name to bypass the permission check, e.g., controller=expHTMLEditor&action=preview&editor=ckeditor and controller=expHTMLEditor&action=Preview&editor=ckeditor. An anonymous user will be rejected for the former but can access the latter. | 2016-11-04 | 5.0 | CVE-2016-9182 (CONFIRM) |
| exponentcms -- exponent_cms | In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed easily: it only sanitizes user input if there are odd numbers of ' or " characters. Impact is Information Disclosure. | 2016-11-04 | 5.0 | CVE-2016-9183 (CONFIRM) |
| exponentcms -- exponent_cms | In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure. | 2016-11-04 | 5.0 | CVE-2016-9184 (CONFIRM) |
| foxitsoftware -- reader | Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both. | 2016-10-31 | 4.6 | CVE-2016-8856 (CONFIRM) |
| foxitsoftware -- phantompdf | The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ConvertToPDF_x86!CreateFXPDFConvertor." | 2016-10-31 | 4.3 | CVE-2016-8875 (CONFIRM) |
| foxitsoftware -- phantompdf | Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader." | 2016-10-31 | 6.8 | CVE-2016-8876 (CONFIRM) |
| foxitsoftware -- phantompdf | Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a "corrupted suffix pattern" issue. | 2016-10-31 | 6.8 | CVE-2016-8877 (CONFIRM) |
| foxitsoftware -- phantompdf | Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return value starting at FOXITREADER." | 2016-10-31 | 6.8 | CVE-2016-8878 (CONFIRM) |
| foxitsoftware -- phantompdf | The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted JPEG2000 image embedded in a PDF document, aka an "Exploitable - Heap Corruption" issue. | 2016-10-31 | 4.3 | CVE-2016-8879 (CONFIRM) |
| gitlab -- gitlab | GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions prior to 8.13.0 restricted this feature to administrators only. Starting with version 8.13.0 this feature was made available to all users. This feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users. GitLab CE and EE versions 8.13.0 through 8.13.2, 8.12.0 through 8.12.7, 8.11.0 through 8.11.10, 8.10.0 through 8.10.12, and 8.9.0 through 8.9.11 are affected. | 2016-11-03 | 4.0 | CVE-2016-9086 (CONFIRM) |
| hp -- system_management_homepage | HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. | 2016-10-28 | 5.8 | CVE-2016-4394 (Miscellaneous, CONFIRM, Miscellaneous) |
| iceni -- argus | An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus version 6.6.04. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can provide a malicious pdf file to trigger this vulnerability. | 2016-10-28 | 6.8 | CVE-2016-8333 (MISC) |
| iceni -- argus | An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version 6.6.04 (Sep 7 2012) NK - Linux x64 and Version 6.6.04 (Nov 14 2014) NK - Windows x64. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send/provide malicious pdf file to trigger this vulnerability. | 2016-10-28 | 6.8 | CVE-2016-8335 (MISC) |
| isc -- bind | named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. | 2016-11-02 | 5.0 | CVE-2016-8864 (CONFIRM) |
| libtiff -- libtiff | An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality. | 2016-10-28 | 6.8 | CVE-2016-8331 (MISC) |
| moodle -- moodle | Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | 2016-11-04 | 6.5 | CVE-2016-9186 (MISC) |
| moodle -- moodle | Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | 2016-11-04 | 6.5 | CVE-2016-9187 (MISC) |
| moodle -- moodle | Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters. | 2016-11-04 | 4.3 | CVE-2016-9188 (MISC) |
| openjpeg -- openjpeg | A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector. | 2016-10-28 | 6.8 | CVE-2016-8332 (MISC, MISC) |
| openjpeg -- openjpeg | Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. | 2016-10-29 | 5.0 | CVE-2016-9112 (MISC) |
| openjpeg -- openjpeg | There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service. | 2016-10-30 | 5.0 | CVE-2016-9113 (MISC) |
| openjpeg -- openjpeg | There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service. | 2016-10-30 | 5.0 | CVE-2016-9114 (MISC) |
| openjpeg -- openjpeg | Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. | 2016-10-30 | 4.3 | CVE-2016-9115 (MISC) |
| openjpeg -- openjpeg | NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. | 2016-10-30 | 4.3 | CVE-2016-9116 (MISC) |
| openjpeg -- openjpeg | NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. | 2016-10-30 | 4.3 | CVE-2016-9117 (MISC) |
| openjpeg -- openjpeg | Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. | 2016-10-30 | 5.0 | CVE-2016-9118 (MISC) |
| openstack -- heat | In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0. | 2016-11-04 | 4.0 | CVE-2016-9185 (CONFIRM) |
| python -- pillow | Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. | 2016-11-04 | 4.3 | CVE-2016-9189 (CONFIRM, CONFIRM, CONFIRM) |
| python -- pillow | Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. | 2016-11-04 | 6.8 | CVE-2016-9190 (CONFIRM, CONFIRM, CONFIRM) |
| realnetworks -- realplayer | Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file. | 2016-10-28 | 4.3 | CVE-2016-9018 (MISC) |
| sparkjava -- spark | Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | 2016-11-04 | 5.0 | CVE-2016-9177 (MISC) |

Low Severity Vulnerabilities

| Primary Vendor -- Product | Description | Date Published | CVSS Score | CVE Identity |
|---|---|---|---|---|
| avast -- business_security | Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call. | 2016-11-03 | 2.1 | CVE-2016-4025 (MISC) |
| bitcoin_knots_project -- bitcoin_knots | In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history. | 2016-10-28 | 2.1 | CVE-2016-8889 (CONFIRM, CONFIRM) |
| botan_project -- botan | In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack. | 2016-10-28 | 2.1 | CVE-2016-8871 (CONFIRM) |
| docker2aci_project -- docker2aci | docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain. | 2016-10-28 | 2.1 | CVE-2016-8579 (CONFIRM) |
| hp -- system_management_homepage | HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. | 2016-10-28 | 3.5 | CVE-2016-4393 (Miscellaneous, CONFIRM, Miscellaneous) |
| ibm -- financial_transaction_manager | Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | 2016-10-28 | 3.5 | CVE-2016-3060 (AIXAPAR, AIXAPAR, AIXAPAR, CONFIRM) |
| ibm -- financial_transaction_manager | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2016-10-28 | 3.5 | CVE-2016-5920 (AIXAPAR, CONFIRM) |

• Sources: http://nvd.nist.gov (for more information, visit the National Vulnerability Database (NVD), which contains a database of every vulnerability that has ever been published).

Uganda Communications Commission – UGCERT
Email: [email protected]
Tel: +256 414 302 100/150
Toll Free: 0800 133 911
www.ug-cert.ug
Facebook / Twitter: UGCERT