Weekly Vulnerability Report (4 January 2016, B.E. 2559)


The vulnerability alert service lists vulnerabilities by CVE number and rates their severity using the Common Vulnerability Scoring System (CVSS). Severity is divided into three levels by CVSS score, as follows:
  • High - high severity, CVSS score 7.0 - 10.0
  • Medium - medium severity, CVSS score 4.0 - 6.9
  • Low - low severity, CVSS score 0.0 - 3.9
Vulnerabilities are presented in a table with five fields: 1) vendor name and product name; 2) vulnerability description, which may include the software name, the affected versions and the impact of an attack exploiting the vulnerability; 3) disclosure date; 4) CVSS score with a link to its source; 5) source. Only software tracked by ThaiCERT is included in the list.

High Vulnerabilities (high severity)

| Vendor - Product | Vulnerability description | Disclosure date | CVSS Score | Source |
|---|---|---|---|---|
| google - android | mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670. | 2016-01-06 | 10.0 | CVE-2015-6636 |
| sap - afaria | SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. | 2016-01-08 | 9.4 | CVE-2015-8753 |
| apache - subversion | Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. | 2016-01-08 | 9.0 | CVE-2015-5259 |
| juniper - screenos | Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. | 2016-01-08 | 9.3 | CVE-2015-7754 |
| google - android | The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123. | 2016-01-06 | 9.3 | CVE-2015-6640 |
| google - android | The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554. | 2016-01-06 | 9.3 | CVE-2015-6647 |
| google - android | The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908. | 2016-01-06 | 9.3 | CVE-2015-6638 |
| google - android | The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. | 2016-01-06 | 9.3 | CVE-2015-6637 |
| google - android | The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. | 2016-01-06 | 9.3 | CVE-2015-6639 |
| owncloud - owncloud | ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php. | 2016-01-08 | 7.5 | CVE-2016-1499 |
| mcafee - epolicy_orchestrator | Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 2016-01-08 | 7.5 | CVE-2015-8765 |
| apache - activemq | Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. | 2016-01-08 | 7.5 | CVE-2015-5254 |
| google - android | SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205. | 2016-01-06 | 7.1 | CVE-2015-6645 |
| google - android | The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888. | 2016-01-06 | 7.8 | CVE-2015-6642 |
| google - android | The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and the memory manager, aka internal bug 22300191, a different vulnerability than CVE-2015-7613. | 2016-01-06 | 7.8 | CVE-2015-6646 |
| google - android | Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269. | 2016-01-06 | 7.2 | CVE-2015-6643 |


Medium Vulnerabilities (medium severity)

| Vendor - Product | Vulnerability description | Disclosure date | CVSS Score | Source |
|---|---|---|---|---|
| apple - quicktime | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7092, and CVE-2015-7117. | 2016-01-08 | 6.8 | CVE-2015-7091 |
| apple - quicktime | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | 2016-01-08 | 6.8 | CVE-2015-7089 |
| apple - quicktime | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | 2016-01-08 | 6.8 | CVE-2015-7090 |
| apple - quicktime | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted TXXX frame within an ID3 tag in MP3 data in a movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7117. | 2016-01-08 | 6.8 | CVE-2015-7092 |
| apple - quicktime | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | 2016-01-08 | 6.8 | CVE-2015-7088 |
| values_project - values | The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import. | 2016-01-08 | 6.0 | CVE-2015-8761 |
| apple - quicktime | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | 2016-01-08 | 6.8 | CVE-2015-7086 |
| apple - quicktime | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7092. | 2016-01-08 | 6.8 | CVE-2015-7117 |
| apple - quicktime | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | 2016-01-08 | 6.8 | CVE-2015-7085 |
| apple - quicktime | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | 2016-01-08 | 6.8 | CVE-2015-7087 |
| zip_attachments_project - zip_attachments | Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter. | 2016-01-08 | 5.0 | CVE-2015-4694 |
| acquia - mollom | The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote attackers to bypass intended access restrictions and modify the mollom blacklist via unspecified vectors. | 2016-01-08 | 5.0 | CVE-2015-8754 |
| apple - apple_tv | libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116. | 2016-01-09 | 4.3 | CVE-2015-7115 |
| apple - apple_tv | libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115. | 2016-01-09 | 4.3 | CVE-2015-7116 |
| ibm - jazz_reporting_service | Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors. | 2016-01-09 | 4.0 | CVE-2015-7466 |
| titan_framework_project - titan_framework | Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin before 1.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to iframe-googlefont-preview.php or the (2) text parameter to iframe-font-preview.php. | 2016-01-08 | 4.3 | CVE-2014-6444 |
| nex-forms_lite_project - nex-forms_lite | Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php. | 2016-01-08 | 4.3 | CVE-2014-7151 |
| mozilla - firefox_os | Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during "Add to home screen" bookmarking. | 2016-01-08 | 4.3 | CVE-2015-8510 |
| google - android | Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146. | 2016-01-06 | 4.3 | CVE-2015-6644 |
| wireshark - wireshark | epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. | 2016-01-04 | 4.3 | CVE-2015-8730 |
| wireshark - wireshark | The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet. | 2016-01-04 | 4.3 | CVE-2015-8735 |


Low Vulnerabilities (low severity)

| Vendor - Product | Vulnerability description | Disclosure date | CVSS Score | Source |
|---|---|---|---|---|
| field_group_project - field_group | Cross-site scripting (XSS) vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute. | 2016-01-08 | 3.5 | CVE-2016-1565 |
| google - android | Wi-Fi in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Wi-Fi information by leveraging access to the local physical environment, aka internal bug 25266660. | 2016-01-06 | 3.3 | CVE-2015-5310 |
| mozilla - firefox_os | The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses. | 2016-01-08 | 2.1 | CVE-2015-8512 |
| xen - xen | The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ). | 2016-01-08 | 2.1 | CVE-2015-8615 |
| google - android | Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427. | 2016-01-06 | 2.9 | CVE-2015-6641 |