VARIoT IoT vulnerabilities database

VAR-201704-0051 CVE-2015-7893 Samsung Galaxy S6 SecEmailUI vulnerability that allows arbitrary JavaScript to be executed

Related entries in the VARIoT exploits database: VAR-E-201510-0033
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, which allows remote attackers to execute arbitrary JavaScript. Samsung SecEmailUI is prone to a security vulnerability. This may aid in further attacks.
VAR-201706-0020 CVE-2015-7895 Samsung Gallery denial-of-service (DoS) vulnerability on Samsung Galaxy S6

Related entries in the VARIoT exploits database: VAR-E-201511-0108, VAR-E-201511-0107
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). The Samsung Galaxy S6 is a smartphone released by South Korea's Samsung. An attacker could exploit the vulnerability to crash a device and deny service to legitimate users.
VAR-201511-0010 CVE-2015-6355 Vulnerability in the web interface of Cisco Unified Computing System on blade servers that allows important version information to be obtained
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226. The vendor has confirmed this vulnerability and released it as Bug ID CSCuw87226. By accessing an unspecified URL, a third party may obtain important version information. Cisco Unified Computing System is prone to a remote information-disclosure vulnerability. Successful exploits may allow an attacker to obtain sensitive information that may lead to further attacks. This issue is tracked by Cisco Bug ID CSCuw87226. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. A security vulnerability exists in Cisco UCS Release 2.2(5b)A on Blade Server.
VAR-201511-0276 CVE-2015-7650 Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to arbitrary code execution
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted CMAP table in a PDF document, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way CMAP tables are parsed. A specially crafted CMAP table embedded in a PDF file can force Adobe Acrobat Reader to read memory past the end of an allocated object. An attacker could leverage this vulnerability to execute arbitrary code under the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Classic and Continuous are two update mechanisms provided by Acrobat Reader DC Product Download Center. Security flaws exist in several Adobe products. 30060 and earlier, Acrobat XI Desktop 11.0.12 and earlier, Reader XI Desktop 11.0.12 and earlier, Acrobat X Desktop 10.1.15 and earlier, Reader X Desktop 10.1.15 and earlier
VAR-201511-0087 CVE-2015-8035 Denial-of-service (DoS) vulnerability in the xz_decomp function in xzlib.c of libxml2
CVSS V2: 2.6
CVSS V3: -
Severity: LOW
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. Libxml2 is prone to a denial-of-service vulnerability. Successful exploit will result in a denial-of-service condition. Libxml2 2.9.1 and prior versions are vulnerable. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. The vulnerability is caused by the program not properly checking for compression errors. CVE-ID CVE-2016-1722 : Joshua J. For the oldstable distribution (wheezy), these problems have been fixed in version 2.8.0+dfsg1-7+wheezy5. For the stable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 2.9.3+dfsg1-1 or earlier versions. For the unstable distribution (sid), these problems have been fixed in version 2.9.3+dfsg1-1 or earlier versions. We recommend that you upgrade your libxml2 packages. Red Hat Security Advisory Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2020:1190-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1190 Issue date: 2020-03-31 CVE Names: CVE-2015-8035 CVE-2016-5131 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567 1. Summary: An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. 
Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131) * libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412) * libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035) * libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404) * libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258) * libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The desktop must be restarted (log out, then log back in) for this update to take effect. 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1277146 - CVE-2015-8035 libxml2: DoS caused by incorrect error detection during XZ decompression 1358641 - CVE-2016-5131 libxml2: Use after free triggered by XPointer paths beginning with range-to 1523128 - CVE-2017-15412 libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c 1566749 - CVE-2017-18258 libxml2: Unrestricted memory usage in xz_head() function in xzlib.c 1595985 - CVE-2018-14404 libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c 1619875 - CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libxml2-2.9.1-6.el7.4.src.rpm x86_64: libxml2-2.9.1-6.el7.4.i686.rpm libxml2-2.9.1-6.el7.4.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-python-2.9.1-6.el7.4.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-devel-2.9.1-6.el7.4.i686.rpm libxml2-devel-2.9.1-6.el7.4.x86_64.rpm libxml2-static-2.9.1-6.el7.4.i686.rpm libxml2-static-2.9.1-6.el7.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libxml2-2.9.1-6.el7.4.src.rpm x86_64: libxml2-2.9.1-6.el7.4.i686.rpm libxml2-2.9.1-6.el7.4.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-python-2.9.1-6.el7.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-devel-2.9.1-6.el7.4.i686.rpm libxml2-devel-2.9.1-6.el7.4.x86_64.rpm libxml2-static-2.9.1-6.el7.4.i686.rpm libxml2-static-2.9.1-6.el7.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: libxml2-2.9.1-6.el7.4.src.rpm ppc64: libxml2-2.9.1-6.el7.4.ppc.rpm libxml2-2.9.1-6.el7.4.ppc64.rpm libxml2-debuginfo-2.9.1-6.el7.4.ppc.rpm libxml2-debuginfo-2.9.1-6.el7.4.ppc64.rpm libxml2-devel-2.9.1-6.el7.4.ppc.rpm libxml2-devel-2.9.1-6.el7.4.ppc64.rpm libxml2-python-2.9.1-6.el7.4.ppc64.rpm ppc64le: libxml2-2.9.1-6.el7.4.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7.4.ppc64le.rpm libxml2-devel-2.9.1-6.el7.4.ppc64le.rpm libxml2-python-2.9.1-6.el7.4.ppc64le.rpm s390x: libxml2-2.9.1-6.el7.4.s390.rpm libxml2-2.9.1-6.el7.4.s390x.rpm libxml2-debuginfo-2.9.1-6.el7.4.s390.rpm libxml2-debuginfo-2.9.1-6.el7.4.s390x.rpm libxml2-devel-2.9.1-6.el7.4.s390.rpm libxml2-devel-2.9.1-6.el7.4.s390x.rpm libxml2-python-2.9.1-6.el7.4.s390x.rpm x86_64: libxml2-2.9.1-6.el7.4.i686.rpm libxml2-2.9.1-6.el7.4.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-devel-2.9.1-6.el7.4.i686.rpm libxml2-devel-2.9.1-6.el7.4.x86_64.rpm libxml2-python-2.9.1-6.el7.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libxml2-debuginfo-2.9.1-6.el7.4.ppc.rpm libxml2-debuginfo-2.9.1-6.el7.4.ppc64.rpm libxml2-static-2.9.1-6.el7.4.ppc.rpm libxml2-static-2.9.1-6.el7.4.ppc64.rpm ppc64le: libxml2-debuginfo-2.9.1-6.el7.4.ppc64le.rpm libxml2-static-2.9.1-6.el7.4.ppc64le.rpm s390x: libxml2-debuginfo-2.9.1-6.el7.4.s390.rpm libxml2-debuginfo-2.9.1-6.el7.4.s390x.rpm libxml2-static-2.9.1-6.el7.4.s390.rpm libxml2-static-2.9.1-6.el7.4.s390x.rpm x86_64: libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-static-2.9.1-6.el7.4.i686.rpm libxml2-static-2.9.1-6.el7.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: libxml2-2.9.1-6.el7.4.src.rpm x86_64: libxml2-2.9.1-6.el7.4.i686.rpm libxml2-2.9.1-6.el7.4.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-devel-2.9.1-6.el7.4.i686.rpm libxml2-devel-2.9.1-6.el7.4.x86_64.rpm libxml2-python-2.9.1-6.el7.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-static-2.9.1-6.el7.4.i686.rpm libxml2-static-2.9.1-6.el7.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-8035 https://access.redhat.com/security/cve/CVE-2016-5131 https://access.redhat.com/security/cve/CVE-2017-15412 https://access.redhat.com/security/cve/CVE-2017-18258 https://access.redhat.com/security/cve/CVE-2018-14404 https://access.redhat.com/security/cve/CVE-2018-14567 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. 
Ubuntu Security Notice USN-2812-1 November 16, 2015 libxml2 vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in libxml2. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-1819) Michal Zalewski discovered that libxml2 incorrectly handled certain XML data. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-7941) Kostya Serebryany discovered that libxml2 incorrectly handled certain XML data. (CVE-2015-7942) Gustavo Grieco discovered that libxml2 incorrectly handled certain XML data. 
This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8035) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libxml2 2.9.2+zdfsg1-4ubuntu0.1 Ubuntu 15.04: libxml2 2.9.2+dfsg1-3ubuntu0.1 Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.5 Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.12 After a standard system update you need to reboot your computer to make all the necessary changes. CVE-ID CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc. WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A website may be able to track sensitive user information Description: A hidden web page may be able to access device-orientation and device-motion data. This issue was addressed by suspending the availability of this data when the web view is hidden. CVE-ID CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao of the School of Computing Science, Newcastle University, UK WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may reveal a user's current location Description: An issue existed in the parsing of geolocation requests. CVE-ID CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab (http://www.tencent.com) WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed through additional port validation. CVE-ID CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd. 
CVE-ID CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net) WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses may have allowed a malicious website to display an arbitrary URL and read cached contents of the destination origin. CVE-ID CVE-2016-1786 : ma.la of LINE Corporation WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: A caching issue existed with character encoding. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. 
APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002 OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following: apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. 
CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI) HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659 Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. 
CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. 
CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. 
CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762 Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. 
CVE-ID CVE-2016-0777 : Qualys CVE-2016-0778 : Qualys OpenSSH Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 : Qualys CVE-2015-5334 : Qualys OpenSSL Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to cause a denial of service Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195 Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. 
CVE-ID CVE-2016-1769 : Francis Provencher from COSIG Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551 Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed through additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc. Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab Tcl Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by removing libpng. CVE-ID CVE-2015-8126 : Adam Mariš TrueTypeScaler Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. 
CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI) Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171 OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201510-0774 No CVE Multiple routers contain issue in preventing clickjacking attacks
CVSS V2: 2.6
CVSS V3: -
Severity: Low
Multiple router products contain an issue in the protection against clickjacking attacks. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. If a user views a malicious page while logged in, unintended operations may be conducted. Multiple routers are prone to a clickjacking vulnerability because they fail to perform validity checks on certain user actions through HTTP requests. Successful exploits will allow an attacker to compromise the affected device or obtain sensitive information. Other attacks are also possible
VAR-201702-0393 CVE-2016-4547 Android Equipped Samsung Service operation interruption in device products (DoS) Vulnerabilities
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. Samsung Android phones are a series of mobile phones based on the Android platform. The Samsung Android system service failed to handle exceptions correctly, allowing local attackers to conduct denial of service attacks by sending malicious service commands. Multiple Samsung Android Mobile devices are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions
VAR-201702-0392 CVE-2016-4546 Samsung Mobile Phones Denial of Service Vulnerability
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call. Samsung Mobile Phone is a smart phone released by Samsung in South Korea. An attacker could use this vulnerability to cause a denial of service. The following products and versions are affected: Samsung Mobile Phones 4.4, 5.0, 5.1. Remote attackers can exploit this issue to cause a denial-of-service condition
VAR-201510-0030 CVE-2015-6353 Cisco FireSight Management Center Vulnerable to cross-site scripting
CVSS V2: 3.5
CVSS V3: -
Severity: LOW
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922. Cisco FireSight Management Center (MC) contains a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCuu28922, CSCuv62998, and CSCuv63012
VAR-201510-0031 CVE-2015-6354 Cisco FireSight Management Center Vulnerable to cross-site scripting
CVSS V2: 3.5
CVSS V3: -
Severity: LOW
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338. Cisco FireSight Management Center (MC) contains a cross-site scripting vulnerability. Cisco FireSIGHT Management Center is prone to an HTML-injection vulnerability because it fails to properly sanitize certain unspecified user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuv73338
VAR-201510-0028 CVE-2015-6351 Cisco ASR 5500 System Architecture Evolution Gateway Service disruption in device software (DoS) Vulnerabilities
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781. A remote attacker could exploit this vulnerability to cause a denial of service. An attacker can exploit this issue to cause the BGP process to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuw65781. The vulnerability is caused by the program not properly validating BGP packet headers
VAR-201511-0084 CVE-2015-7412 IBM DataPower Gateways Software GatewayScript Vulnerability in obtaining plaintext data in modules
CVSS V2: 2.6
CVSS V3: -
Severity: LOW
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attack. IBM DataPower Gateway is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. IBM DataPower Gateway is a security and integration platform from IBM Corporation in the United States, designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. It uses a dedicated gateway platform to secure, integrate and optimize access across channels. GatewayScript is one of the modules for handling mobile, web and API workloads and optimizing the gateway environment
VAR-201510-0021 CVE-2015-6344 Cisco Adaptive Security Appliance CX Context-Aware Security of Web Base of GUI Vulnerable to access restrictions
CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuv74105
VAR-201510-0027 CVE-2015-6350 Cisco Prime Service Catalog of Web In the framework SQL Injection vulnerability
CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCuw50843. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands
VAR-201510-0029 CVE-2015-6352 Cisco Unified Communications Domain Manager Vulnerabilities mapped in the file system
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891. Vendors have confirmed this vulnerability and released it as Bug ID CSCut67891. A third party may be able to map the file system through a series of requests. Cisco Unified Communications Domain Manager is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCut67891. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. A security vulnerability exists in Cisco UCDM versions prior to 10.6(1) due to the different methods used by the program to handle paths that exist and do not exist
VAR-201510-0733 No CVE Long Term Evolution Information Disclosure Vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Long Term Evolution (LTE) is a 4G wireless broadband technology developed by the 3rd Generation Partnership Project (3GPP) project team. An information disclosure vulnerability exists in LTE equipment. Attackers can use this vulnerability to obtain sensitive information and perform man-in-the-middle attacks. Long Term Evolution (LTE) devices are prone to multiple information-disclosure vulnerabilities. Successful exploits may lead to other attacks
VAR-201712-0009 CVE-2015-7889 Samsung S6 Edge Permissions vulnerability
CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. Samsung S6 Edge contains a permission vulnerability. Information may be obtained. Samsung SecEmailComposer is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges within the context of the application.
VAR-202002-0727 CVE-2015-7890 Samsung S6 Edge Classic buffer overflow vulnerability in
CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
Multiple buffer overflows in the esa_write function in /dev/seiren in the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter. A classic buffer overflow vulnerability exists in Samsung S6 Edge. It may be put into a denial-of-service (DoS) state. Samsung Seiren Kernel Driver is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker may exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause denial-of-service conditions
VAR-201510-0406 CVE-2015-7836 Siemens RUGGEDCOM ROS Information Disclosure Vulnerability
CVSS V2: 3.3
CVSS V3: -
Severity: LOW
Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. Siemens RuggedCom ROS and ROX-based devices are used to connect devices in harsh environments such as substations, traffic management chassis, and more. An information disclosure vulnerability exists in versions of Siemens RUGGEDCOM ROS prior to 4.2.1. An attacker can exploit this issue to obtain sensitive information. Successful exploits may lead to other attacks. Versions prior to RuggedCom ROS 4.2.1 are vulnerable. Siemens RuggedCom ROS is an operating system used in RuggedCom series switches by Siemens of Germany
VAR-201510-0196 CVE-2015-6486 Allen-Bradley MicroLogix 1100 and 1400 In the device SQL Injection vulnerability
CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability; 2. A denial-of-service vulnerability; 3. A cross-site scripting vulnerability; 4. An SQL-injection vulnerability. An attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database