Vulnerability Summary for the Week of November 14, 2016 Please Note: • The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low. • The !" indentity number is the #ublicly $nown %& given to that #articular vulnerability. Therefore you can search the status of that #articular vulnerability using that %&. • The !'S (Common !ulnerability 'coring System) score is a standard scoring system used to determine the severity of the vulnerability. High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity dotcms ** dotcms 'QL in,ection vulnerability in the 2016-11-14 7.5 CVE-2016-8902 MISC categories'ervlet servlet in dot M' before -.3.. MISC (link is allows remote not authenticated attac$ers to external) e/ecute arbitrary '+L commands via the sort MISC (link is external) #arameter. MISC (link is external) emc ** avamar0data0store EM 1vamar &ata 'tore (1&') and 1vamar 2016-11-15 7.2 CVE-2016-0909 miscellaneous !irtual Edition (1!") versions 2.3 and older CONFIRM (link contain a vulnerability that may e/#ose the is external) 1vamar servers to #otentially be com#romised by malicious users. e/#onentcms ** %n 2016-11-15 7.5 CVE-2016-9287 CONFIRM (link e/#onent0cms 3framewor$3modules3notfound/controllers3notf is external) oundController.ph# of "/#onent M' 4.4.0 #atch., untrusted in#ut is #assed into get'earch7esults. The method get'earch7esults is defined in the search model with the #arameter 89term8 used directly in 'QL. %m#act is a 'QL in,ection. e/#onentcms ** %n 2016-11-11 7.5 CVE-2016-9288 CONFIRM (link e/#onent0cms framewor$3modules3navigation3controllers3navi is external) gation ontroller.ph# in "/#onent M' v2.4.0 or older, the #arameter :target: of function :DragnDro#7e7an$: is directly used without any filtration which caused 'QL in,ection. The #ayload can be used li$e this: 3navigation3DragnDrop7e7an$3target3.. linu/ ** linu/0$ernel The 00e/t50,ournal_stop function in 2016-11-16 9.3 CVE-2015-8961 CONFIRM fs3e/t53e/t50,bd2.c in the Linu/ $ernel before CONFIRM (link 5.3.3 allows local users to gain #rivileges or is external) cause a denial of service (use*after*free) by CONFIRM CONFIRM (link leveraging im#roper access to a certain error is external) field. linu/ ** linu/0$ernel Double free vulnerability in the 2016-11-16 9.3 CVE-2015-8962 CONFIRM sg0common0write function in drivers3scsi3sg.c CONFIRM (link in the Linu/ $ernel before 5.4 allows local users is external) to gain #rivileges or cause a denial of service CONFIRM (link is external) (memory corru#tion and system crash) by detaching a device during an ';0%O ioctl call. linu/ ** linu/0$ernel 7ace condition in $ernel/events3core.c in the 2016-11-16 7.6 CVE-2015-8963 CONFIRM Linu/ $ernel before 5.4 allows local users to gain CONFIRM (link #rivileges or cause a denial of service (use*after* is external) free) by leveraging incorrect handling of an CONFIRM (link is external) swevent data structure during a P= un#lug operation. linu/ ** linu/0$ernel The tty_set0termios0ldisc function in 2016-11-16 7.1 CVE-2015-8964 CONFIRM drivers3tty/tty_ldisc.c in the Linu/ $ernel before CONFIRM (link 5.5 allows local users to obtain sensitive is external) information from $ernel memory by reading a CONFIRM (link is external) tty data structure. linu/ ** linu/0$ernel =se*after*free vulnerability in the dis$0se?f0stop 2016-11-16 9.3 CVE-2016-7910 CONFIRM function in bloc$3genhd.c in the Linu/ $ernel CONFIRM (link before 5.7.1 allows local users to gain #rivileges is external) by leveraging the e/ecution of a certain stop CONFIRM CONFIRM (link operation even if the corres#onding start is external) operation had failed. linu/ ** linu/0$ernel 7ace condition in the get0tas$0io#rio function in 2016-11-16 9.3 CVE-2016-7911 bloc$3ioprio.c in the Linu/ $ernel before 5.6.6 CONFIRM CONFIRM (link allows local users to gain #rivileges or cause a is external) denial of service (use*after*free) via a crafted CONFIRM ioprio_get system call. CONFIRM (link is external) linu/ ** linu/0$ernel =se*after*free vulnerability in the 2016-11-16 9.3 CVE-2016-7912 CONFIRM ffs0user0copy0wor$er function in CONFIRM (link drivers3usb3gadget3function3f0fs.c in the Linu/ is external) $ernel before 5.>.3 allows local users to gain CONFIRM CONFIRM (link #rivileges by accessing an %3O data structure is external) after a certain callbac$ call. linu/ ** linu/0$ernel The /c464A0set0config function in 2016-11-16 9.3 CVE-2016-7913 CONFIRM drivers3media3tuners3tuner*/c464A.c in the CONFIRM (link Linu/ $ernel before 5.6 allows local users to gain is external) #rivileges or cause a denial of service (use*after* CONFIRM (link is external) free) via vectors involving omission of the firmware name from a certain data structure. linu/ ** linu/0$ernel The assoc0array_insert0into_terminal_node 2016-11-16 7.1 CVE-2016-7914 CONFIRM function in lib3assoc0array.c in the Linu/ $ernel CONFIRM (link before 5.5.3 does not chec$ whether a slot is a is external) leaf, which allows local users to obtain sensitive CONFIRM CONFIRM (link information from $ernel memory or cause a is external) denial of service (invalid #ointer dereference and out*of*bounds read) via an a##lication that uses associative*array data structures, as demonstrated by the $eyutils test suite. linu/ ** linu/0$ernel 7ace condition in the environ0read function in 2016-11-16 7.1 CVE-2016-7916 CONFIRM fs3#roc3base.c in the Linu/ $ernel before 5.5.4 CONFIRM (link allows local users to obtain sensitive information is external) from $ernel memory by reading a CONFIRM CONFIRM 3#roc3B3environ file during a #rocess*setu# time CONFIRM (link interval in which environment*variable copying is external) is incom#lete. CONFIRM (link is external) ob,ective0development ** Little 'nitch version -.0 through -.6.. suffer from 2016-11-15 7.2 CVE-2016-8661 MISC (link is little0snitch a buffer overflow vulnerability that could be external) locally e/#loited which could lead to an escalation of #rivileges (EoP) and unauthorised ring6 access to the operating system. The buffer overflow is related to insufficient chec$ing of #arameters to the :<'Malloc: and :copyin: $ernel 1P% calls. samsung ** %nteger overflow in 'ystem=% in CC(5.4) and 2016-11-11 7.8 CVE-2016-9277 CONFIRM (link samsung0mobile L(>.03>.1) on 'amsung Note devices allows is external) attac$ers to cause a denial of service (=% restart) via vectors involving 1P%s and an activity that com#utes an out*of*bounds array inde/, a$a '!"*46.@*@D6@. Medium Severity Vulnerabilities The Primary Description Date Published CVSS The CVE Vendor --- Product Score Identity 2*zi# ** #2zi# 1 null #ointer dereference bug affects the [email protected] and 2016-11-11 5.0 CVE-2016-9296 MISC (link is many old versions of #2zi#. 1 lac$ of null #ointer external) chec$ for the variable folders.Pac$Positions in MISC (link is function external) MISC (link is %n1rchive::ReadAndDecodePac$edStreams in external) PP32zi#31rchive32z32z%n.c##, as used in the 2z.so library and in 2z a##lications, will cause a crash and a denial of service when decoding malformed 2z files. artife/ ** mu,s 1rtife/ 'oftware, %nc. MuE' before 2016-11-11 5.0 CVE-2016-9294 CONFIRM (link >66A.6>2A6c6b6.A4ea@edaA-ad5>DAf44>be-ee is external) allows conte/t*de#endent attac$ers to conduct CONFIRM (link :denial of service (a##lication crash): attac$s by is external) using the :malformed labeled brea$3continue in Eava'cri#t: a##roach, related to a :NULL #ointer dereference: issue affecting the ,scom#ile.c com#onent. dotcms ** dotcms 'QL in,ection vulnerability in the :'ite Frowser G 2016-11-14 6.5 CVE-2016-8903 Tem#lates #ages: screen in dot M' before -.3.1 MISC MISC (link is allows remote authenticated attac$ers to e/ecute external) arbitrary 'QL commands via the orderby #arameter. MISC (link is external) MISC (link is external) dotcms ** dotcms 'QL in,ection vulnerability in the :'ite Frowser G 2016-11-14 6.5 CVE-2016-8904 MISC ontainers #ages: screen in dot M' before -.3.1 MISC (link is allows remote authenticated attac$ers to e/ecute external) arbitrary 'QL commands via the orderby #arameter. MISC (link is external) MISC (link is external) dotcms ** dotcms 'QL in,ection vulnerability in the E'ONTags servlet 2016-11-14 6.5 CVE-2016-8905 MISC in dot M' before -.3.1 allows remote authenticated MISC (link is attac$ers to e/ecute arbitrary 'QL commands via external) the sort #arameter. MISC (link is external) MISC (link is external) dotcms ** dotcms 'QL in,ection vulnerability in the :'ite Frowser G 2016-11-14 6.5 CVE-2016-8906 MISC Lin$s #ages: screen in dot M' before -.3.1 allows MISC (link is remote authenticated attac$ers to e/ecute arbitrary external) 'QL commands via the orderby #arameter. MISC (link is external) MISC (link is external) dotcms ** dotcms 'QL in,ection vulnerability in the : ontent Types G 2016-11-14 6.5 CVE-2016-8907 MISC ontent Types: screen in dot M' before -.3.1 MISC (link is allows remote authenticated attac$ers to e/ecute external) arbitrary 'QL commands via the orderby #arameter. MISC (link is external) MISC (link is external) dotcms ** dotcms 'QL in,ection vulnerability in the :'ite Frowser G 2016-11-14 6.5 CVE-2016-8908 MISC HTML #ages: screen in dot M' before -.3.1 allows MISC (link is remote authenticated attac$ers to e/ecute arbitrary external) 'QL commands via the orderby #arameter.