Weekly Vulnerability Report (21 March 2016 / B.E. 2559)


The vulnerability alert service publishes vulnerability information referenced by CVE number, with severity rated according to the Common Vulnerability Scoring System (CVSS). Severity is divided into three levels by CVSS score, as follows:
  • High - high severity, CVSS score 7.0 - 10.0
  • Medium - medium severity, CVSS score 4.0 - 6.9
  • Low - low severity, CVSS score 0.0 - 3.9
Vulnerabilities are listed in a table with five fields: 1) vendor name and product name, 2) vulnerability details, which may include the software name, the affected versions, and the impact of an attack through the vulnerability, 3) the date the vulnerability was published, 4) the CVSS score with a link to its source, and 5) the source. Only vulnerabilities in software that ThaiCERT tracks are listed.

High Vulnerabilities (high severity)

| Vendor - Product | Vulnerability details | Date published | CVSS Score | Source |
|---|---|---|---|---|
| apple - mac_os_x | The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2016-03-23 | 10.0 | CVE-2016-1741 |
| apple - iphone_os | libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | 2016-03-23 | 10.0 | CVE-2016-1761 |
| apple - safari | libxml2 in Apple iOS before 9.3, OS X before 10.11.4, Safari before 9.1, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | 2016-03-23 | 10.0 | CVE-2016-1762 |
| hp - operations_orchestration | HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 2016-03-22 | 10.0 | CVE-2016-1997 |
| hp - service_manager | HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 2016-03-22 | 10.0 | CVE-2016-1998 |
| oracle - java | Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component. | 2016-03-24 | 9.3 | CVE-2016-0636 |
| apple - mac_os_x | IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2016-03-23 | 9.3 | CVE-2016-1749 |
| apple - apple_tv | Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2016-03-23 | 9.3 | CVE-2016-1750 |
| apple - apple_tv | FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document. | 2016-03-23 | 9.3 | CVE-2016-1740 |
| apple - apple_tv | The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app. | 2016-03-23 | 9.3 | CVE-2016-1751 |
| apple - mac_os_x | The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744. | 2016-03-23 | 9.3 | CVE-2016-1743 |
| apple - mac_os_x | IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746. | 2016-03-23 | 9.3 | CVE-2016-1747 |
| apple - mac_os_x | The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1743. | 2016-03-23 | 9.3 | CVE-2016-1744 |
| apple - mac_os_x | IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747. | 2016-03-23 | 9.3 | CVE-2016-1746 |
| apple - mac_os_x | The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2016-03-23 | 9.3 | CVE-2016-1759 |
| apple - iphone_os | Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2016-03-23 | 9.3 | CVE-2016-1757 |
| apple - safari | WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 2016-03-23 | 9.3 | CVE-2016-1783 |
| apple - apple_tv | The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755. | 2016-03-23 | 9.3 | CVE-2016-1754 |
| apple - apple_tv | The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754. | 2016-03-23 | 9.3 | CVE-2016-1755 |
| apple - iphone_os | The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | 2016-03-23 | 9.3 | CVE-2016-1756 |
| apple - mac_os_x | Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735. | 2016-03-23 | 9.3 | CVE-2016-1736 |
| apple - mac_os_x | Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736. | 2016-03-23 | 9.3 | CVE-2016-1735 |
| apple - mac_os_x | AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2016-03-23 | 9.3 | CVE-2016-1733 |
| apple - apple_tv | The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app. | 2016-03-23 | 9.3 | CVE-2016-1752 |
| apple - apple_tv | Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. | 2016-03-23 | 9.3 | CVE-2016-1753 |
| apple - apple_tv | TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | 2016-03-23 | 9.3 | CVE-2016-1775 |
| apple - safari | WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 2016-03-23 | 9.3 | CVE-2016-1778 |
| apple - mac_os_x | dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app. | 2016-03-23 | 7.2 | CVE-2016-1738 |
| apple - safari | The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site. | 2016-03-23 | 7.1 | CVE-2016-1771 |
| apple - iphone_os | AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device. | 2016-03-23 | 7.2 | CVE-2016-1734 |


Medium Vulnerabilities (medium severity)

| Vendor - Product | Vulnerability details | Date published | CVSS Score | Source |
|---|---|---|---|---|
| apple - mac_os_x | QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file. | 2016-03-23 | 6.8 | CVE-2016-1769 |
| apple - mac_os_x | QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767. | 2016-03-23 | 6.8 | CVE-2016-1768 |
| apple - mac_os_x | Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file. | 2016-03-23 | 6.8 | CVE-2016-1737 |
| apple - mac_os_x | QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768. | 2016-03-23 | 6.8 | CVE-2016-1767 |
| apple - iphone_os | The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors. | 2016-03-23 | 5.0 | CVE-2016-1766 |
| apple - safari | The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site. | 2016-03-23 | 5.8 | CVE-2016-1786 |
| apple - mac_os_x_server | Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. | 2016-03-23 | 5.0 | CVE-2016-1787 |
| apple - mac_os_x_server | The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. | 2016-03-23 | 5.0 | CVE-2016-1774 |
| apple - mac_os_x_server | Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. | 2016-03-23 | 5.0 | CVE-2016-1776 |
| apple - mac_os_x_server | Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | 2016-03-23 | 5.0 | CVE-2016-1777 |
| openbsd - openssh | Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. | 2016-03-22 | 5.5 | CVE-2016-3115 |
| dropbear_ssh_project - dropbear_ssh | CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. | 2016-03-22 | 5.5 | CVE-2016-3116 |
| _wp_favorite_posts_project - _wp_favorite_posts | Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-03-25 | 4.3 | CVE-2016-1160 |
| apple - apple_tv | IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | 2016-03-23 | 4.3 | CVE-2016-1748 |
| apple - safari | Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog. | 2016-03-23 | 4.3 | CVE-2009-2197 |
| ruby-lang - ruby | The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. | 2016-03-23 | 4.6 | CVE-2015-7551 |
| apple - iphone_os | The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app. | 2016-03-23 | 4.3 | CVE-2016-1758 |
| apple - safari | The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors. | 2016-03-23 | 4.3 | CVE-2016-1772 |
| apple - safari | The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 2016-03-23 | 4.3 | CVE-2016-1785 |
| apple - safari | WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site. | 2016-03-23 | 4.3 | CVE-2016-1782 |
| apple - safari | The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site. | 2016-03-23 | 4.3 | CVE-2016-1784 |
| apple - xcode | otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. | 2016-03-23 | 4.6 | CVE-2016-1765 |
| apple - mac_os_x | The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL. | 2016-03-23 | 4.3 | CVE-2016-1770 |
| apple - mac_os_x | The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. | 2016-03-23 | 4.3 | CVE-2016-1764 |
| apple - iphone_os | WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site. | 2016-03-23 | 4.3 | CVE-2016-1780 |
| apple - safari | WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors. | 2016-03-23 | 4.3 | CVE-2016-1781 |
| apple - safari | WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request. | 2016-03-23 | 4.3 | CVE-2016-1779 |


Low Vulnerabilities (low severity)

| Vendor - Product | Vulnerability details | Date published | CVSS Score | Source |
|---|---|---|---|---|
| mit - kerberos | The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. | 2016-03-25 | 3.5 | CVE-2016-3119 |
| apple - iphone_os | Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread. | 2016-03-23 | 3.5 | CVE-2016-1763 |
| apple - mac_os_x | IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | 2016-03-23 | 2.1 | CVE-2016-1745 |
| apple - mac_os_x | The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | 2016-03-23 | 2.1 | CVE-2016-1773 |
| apple - iphone_os | Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages. | 2016-03-23 | 2.6 | CVE-2016-1788 |
| apple - mac_os_x | AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. | 2016-03-23 | 2.1 | CVE-2016-1732 |