Original release date: August 15, 2016
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cisco — rv110w_wireless-n_vpn_firewall_firmware | The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567. | 2016-08-07 | 7.2 | CVE-2015-6396 CISCO |
cisco — rv110w_wireless-n_vpn_firewall_firmware | Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557. | 2016-08-07 | 9.0 | CVE-2015-6397 CISCO |
cisco — rv180_vpn_router_firmware | Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023. | 2016-08-07 | 7.8 | CVE-2016-1429 CISCO |
cisco — rv180_vpn_router_firmware | Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592. | 2016-08-07 | 9.0 | CVE-2016-1430 CISCO |
cisco — unified_communications_manager _im_and_presence_service |
Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID CSCva39072. | 2016-08-07 | 7.8 | CVE-2016-1466 CISCO |
cisco — ios | Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many crafted NTP packets, aka Bug ID CSCva35619. | 2016-08-07 | 7.8 | CVE-2016-1478 CISCO |
dashbuilder_project — dashbuilder | SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI. | 2016-08-05 | 7.5 | CVE-2016-4999 BID REDHAT REDHAT CONFIRM CONFIRM CONFIRM |
google — android | Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470. | 2016-08-06 | 9.3 | CVE-2014-9863 CONFIRM CONFIRM |
google — android | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841. | 2016-08-06 | 9.3 | CVE-2014-9864 CONFIRM CONFIRM |
google — android | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013. | 2016-08-06 | 9.3 | CVE-2014-9865 CONFIRM CONFIRM |
google — android | drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358. | 2016-08-06 | 9.3 | CVE-2014-9866 CONFIRM CONFIRM |
google — android | drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702. | 2016-08-06 | 9.3 | CVE-2014-9867 CONFIRM CONFIRM |
google — android | drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualcomm internal bug CR514711. | 2016-08-06 | 9.3 | CVE-2014-9869 CONFIRM CONFIRM CONFIRM |
google — android | The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044. | 2016-08-06 | 9.3 | CVE-2014-9870 CONFIRM CONFIRM CONFIRM CONFIRM |
google — android | Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR514717. | 2016-08-06 | 9.3 | CVE-2014-9871 CONFIRM CONFIRM |
google — android | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633. | 2016-08-06 | 9.3 | CVE-2014-9887 CONFIRM CONFIRM |
google — android | Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177. | 2016-08-06 | 9.3 | CVE-2014-9890 CONFIRM CONFIRM |
google — android | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and Qualcomm internal bug CR550061. | 2016-08-06 | 9.3 | CVE-2014-9891 CONFIRM CONFIRM |
google — android | The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. | 2016-08-05 | 7.8 | CVE-2014-9901 CONFIRM CONFIRM |
google — android | Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941. | 2016-08-05 | 10.0 | CVE-2014-9902 CONFIRM CONFIRM |
google — android | The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022. | 2016-08-06 | 9.3 | CVE-2015-8938 CONFIRM CONFIRM |
google — android | drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021. | 2016-08-06 | 9.3 | CVE-2015-8939 CONFIRM CONFIRM |
google — android | Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367. | 2016-08-06 | 9.3 | CVE-2015-8940 CONFIRM CONFIRM |
google — android | drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473. | 2016-08-06 | 9.3 | CVE-2015-8941 CONFIRM CONFIRM |
google — android | drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246. | 2016-08-06 | 9.3 | CVE-2015-8942 CONFIRM CONFIRM |
google — android | services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489. | 2016-08-05 | 7.5 | CVE-2016-2497 CONFIRM CONFIRM |
google — android | Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28533562. | 2016-08-05 | 7.5 | CVE-2016-3819 CONFIRM CONFIRM |
google — android | The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410. | 2016-08-05 | 7.5 | CVE-2016-3820 CONFIRM CONFIRM |
google — android | libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152. | 2016-08-05 | 7.5 | CVE-2016-3821 CONFIRM CONFIRM |
google — android | exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315. | 2016-08-05 | 7.5 | CVE-2016-3822 CONFIRM CONFIRM |
google — android | codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956. | 2016-08-05 | 7.1 | CVE-2016-3827 CONFIRM CONFIRM |
google — android | decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995. | 2016-08-05 | 7.1 | CVE-2016-3828 CONFIRM CONFIRM |
google — android | The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29023649. | 2016-08-05 | 7.1 | CVE-2016-3829 CONFIRM CONFIRM |
google — android | codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599. | 2016-08-05 | 7.1 | CVE-2016-3830 CONFIRM CONFIRM |
google — android | The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098. | 2016-08-05 | 8.3 | CVE-2016-3832 CONFIRM CONFIRM |
google — android | The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712. | 2016-08-05 | 9.3 | CVE-2016-3833 CONFIRM CONFIRM CONFIRM |
google — android | Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153. | 2016-08-05 | 10.0 | CVE-2016-3840 CONFIRM CONFIRM |
google — android | The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. | 2016-08-06 | 7.2 | CVE-2016-3841 CONFIRM CONFIRM CONFIRM CONFIRM |
google — android | The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974. | 2016-08-05 | 9.3 | CVE-2016-3842 CONFIRM |
google — android | Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071. | 2016-08-05 | 9.3 | CVE-2016-3843 CONFIRM |
google — android | mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517. | 2016-08-05 | 9.3 | CVE-2016-3844 CONFIRM |
google — android | The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876. | 2016-08-05 | 9.3 | CVE-2016-3845 CONFIRM |
google — android | The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378. | 2016-08-05 | 7.6 | CVE-2016-3846 CONFIRM |
google — android | The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28919417. | 2016-08-05 | 7.6 | CVE-2016-3848 CONFIRM |
google — android | The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941. | 2016-08-05 | 9.3 | CVE-2016-3851 CONFIRM |
google — android | The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518. | 2016-08-05 | 9.3 | CVE-2016-3857 CONFIRM |
google — chrome | Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data. | 2016-08-07 | 7.5 | CVE-2016-5140 CONFIRM CONFIRM CONFIRM |
google — chrome | The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp. | 2016-08-07 | 7.5 | CVE-2016-5142 CONFIRM CONFIRM CONFIRM |
google — chrome | The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144. | 2016-08-07 | 7.5 | CVE-2016-5143 CONFIRM CONFIRM CONFIRM |
google — chrome | The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143. | 2016-08-07 | 7.5 | CVE-2016-5144 CONFIRM CONFIRM CONFIRM |
google — chrome | Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2016-08-07 | 7.5 | CVE-2016-5146 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
haxx — libcurl | Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. | 2016-08-10 | 7.5 | CVE-2016-5421 DEBIAN MISC |
ibm — qradar_security_information_and_event_manager | IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors. | 2016-08-07 | 9.0 | CVE-2016-2875 CONFIRM |
juniper — junos | Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X48 before 12.3X48-D25, and 15.1X49 before 15.1X49-D40 on a High-End SRX-Series chassis system with one or more Application Layer Gateways (ALGs) enabled allow remote attackers to cause a denial of service (CPU consumption, fab link failure, or flip-flop failovers) via vectors related to in-transit traffic matching ALG rules. | 2016-08-05 | 7.1 | CVE-2016-1276 CONFIRM SECTRACK |
linux — linux_kernel | The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call. | 2016-08-07 | 7.2 | CVE-2014-9410 CONFIRM |
linux — linux_kernel | arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735. | 2016-08-06 | 7.2 | CVE-2014-9888 CONFIRM CONFIRM CONFIRM CONFIRM |
linux — linux_kernel | Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call. | 2016-08-07 | 7.2 | CVE-2015-0568 CONFIRM |
linux — linux_kernel | drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via a crafted application that makes a TSC_GET_CARD_STATUS ioctl call. | 2016-08-07 | 10.0 | CVE-2015-0573 CONFIRM CONFIRM |
linux — linux_kernel | Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application that sends a large amount of data through the debugfs interface. | 2016-08-07 | 10.0 | CVE-2016-2063 CONFIRM CONFIRM |
linux — linux_kernel | sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted application that makes an ioctl call specifying many commands. | 2016-08-07 | 7.2 | CVE-2016-2064 CONFIRM CONFIRM |
linux — linux_kernel | sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer. | 2016-08-07 | 10.0 | CVE-2016-2065 CONFIRM CONFIRM |
linux — linux_kernel | The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name. | 2016-08-07 | 7.2 | CVE-2016-5340 CONFIRM CONFIRM |
linux — linux_kernel | The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook. | 2016-08-06 | 7.2 | CVE-2016-6187 CONFIRM MLIST CONFIRM MLIST CONFIRM CONFIRM |
microsoft — internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3290. | 2016-08-09 | 7.6 | CVE-2016-3288 MS |
microsoft — edge | Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3322. | 2016-08-09 | 7.6 | CVE-2016-3289 MS MS |
microsoft — internet_explorer | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3288. | 2016-08-09 | 7.6 | CVE-2016-3290 MS |
microsoft — edge | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka “Microsoft Browser Memory Corruption Vulnerability.” | 2016-08-09 | 7.6 | CVE-2016-3293 MS MS |
microsoft — edge | The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability.” | 2016-08-09 | 7.6 | CVE-2016-3296 MS |
microsoft — windows_8.1 | The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 improperly establishes secure communications channels, which allows local users to gain privileges by leveraging access to a domain-joined machine, aka “Netlogon Elevation of Privilege Vulnerability.” | 2016-08-09 | 7.2 | CVE-2016-3300 MS |
microsoft — live_meeting | The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka “Windows Graphics Component RCE Vulnerability.” | 2016-08-09 | 9.3 | CVE-2016-3301 MS |
microsoft — live_meeting | The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka “Windows Graphics Component RCE Vulnerability,” a different vulnerability than CVE-2016-3304. | 2016-08-09 | 9.3 | CVE-2016-3303 MS |
microsoft — live_meeting | The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka “Windows Graphics Component RCE Vulnerability,” a different vulnerability than CVE-2016-3303. | 2016-08-09 | 9.3 | CVE-2016-3304 MS |
microsoft — windows_10 | The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-3309, CVE-2016-3310, and CVE-2016-3311. | 2016-08-09 | 7.2 | CVE-2016-3308 MS |
microsoft — windows_10 | The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311. | 2016-08-09 | 7.2 | CVE-2016-3309 MS |
microsoft — windows_10 | The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-3308, CVE-2016-3309, and CVE-2016-3311. | 2016-08-09 | 7.2 | CVE-2016-3310 MS |
microsoft — windows_10 | The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-3308, CVE-2016-3309, and CVE-2016-3310. | 2016-08-09 | 7.2 | CVE-2016-3311 MS |
microsoft — office | Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka “Microsoft Office Memory Corruption Vulnerability.” | 2016-08-09 | 9.3 | CVE-2016-3313 MS |
microsoft — word | Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka “Microsoft Office Memory Corruption Vulnerability.” | 2016-08-09 | 9.3 | CVE-2016-3316 MS |
microsoft — office | Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka “Microsoft Office Memory Corruption Vulnerability.” | 2016-08-09 | 9.3 | CVE-2016-3317 MS |
microsoft — office | Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted file, aka “Graphics Component Memory Corruption Vulnerability.” | 2016-08-09 | 9.3 | CVE-2016-3318 MS |
microsoft — edge | The PDF library in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka “Microsoft PDF Remote Code Execution Vulnerability.” | 2016-08-09 | 9.3 | CVE-2016-3319 MS MS |
microsoft — edge | Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3289. | 2016-08-09 | 7.6 | CVE-2016-3322 MS MS |
moxa — softcms | SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. | 2016-08-07 | 7.5 | CVE-2016-5792 MISC |
mozilla — netscape_portable_runtime | Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function. | 2016-08-07 | 7.5 | CVE-2016-1951 CONFIRM MLIST CONFIRM |
openbsd — openssh | The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. | 2016-08-07 | 7.8 | CVE-2016-6515 MLIST CONFIRM |
php — php | Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class. | 2016-08-07 | 7.5 | CVE-2016-3078 MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
php — php | Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index. | 2016-08-07 | 7.5 | CVE-2016-3132 CONFIRM CONFIRM CONFIRM CONFIRM |
php — php | The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a ” character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call. | 2016-08-07 | 7.5 | CVE-2016-5093 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
php — php | Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function. | 2016-08-07 | 7.5 | CVE-2016-5094 CONFIRM MLIST CONFIRM CONFIRM |
php — php | Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-5094. | 2016-08-07 | 7.5 | CVE-2016-5095 CONFIRM MLIST CONFIRM CONFIRM |
php — php | Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument. | 2016-08-07 | 7.5 | CVE-2016-5096 CONFIRM MLIST CONFIRM CONFIRM |
php — php | Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception. | 2016-08-07 | 7.5 | CVE-2016-5768 CONFIRM CONFIRM CONFIRM MLIST CONFIRM |
php — php | Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions. | 2016-08-07 | 7.5 | CVE-2016-5769 CONFIRM CONFIRM CONFIRM MLIST CONFIRM |
php — php | Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096. | 2016-08-07 | 7.5 | CVE-2016-5770 CONFIRM CONFIRM MLIST CONFIRM |
php — php | spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. | 2016-08-07 | 7.5 | CVE-2016-5771 CONFIRM CONFIRM MLIST CONFIRM |
php — php | Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call. | 2016-08-07 | 7.5 | CVE-2016-5772 CONFIRM CONFIRM CONFIRM MLIST CONFIRM |
php — php | php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object. | 2016-08-07 | 7.5 | CVE-2016-5773 CONFIRM CONFIRM CONFIRM MLIST CONFIRM |
redhat — enterprise_linux_server | Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051. | 2016-08-10 | 7.5 | CVE-2016-5408 REDHAT |
sap — hana | The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550. | 2016-08-05 | 7.5 | CVE-2016-6150 BID MISC MISC |
siemens — sinema_server | Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors. | 2016-08-07 | 7.2 | CVE-2016-6486 CONFIRM MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — experience_manager | Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-08-09 | 4.3 | CVE-2016-4168 CONFIRM |
adobe — experience_manager | Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors. | 2016-08-09 | 5.0 | CVE-2016-4169 CONFIRM |
adobe — experience_manager | Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-08-09 | 4.3 | CVE-2016-4170 CONFIRM |
adobe — experience_manager | The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors. | 2016-08-09 | 5.0 | CVE-2016-4253 CONFIRM |
cisco — telepresence_video _communication_server |
The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531. | 2016-08-07 | 6.5 | CVE-2016-1468 CISCO |
cisco — prime_infrastructure | Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a “cross-frame scripting (XFS)” issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434. | 2016-08-07 | 4.3 | CVE-2016-1474 CISCO |
debian — debian_linux | The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. | 2016-08-06 | 4.6 | CVE-2016-3070 CONFIRM CONFIRM CONFIRM CONFIRM |
google — android | drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976. | 2016-08-06 | 6.9 | CVE-2014-9868 CONFIRM CONFIRM |
google — android | The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721. | 2016-08-06 | 6.8 | CVE-2014-9872 CONFIRM CONFIRM |
google — android | Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860. | 2016-08-06 | 6.8 | CVE-2014-9873 CONFIRM CONFIRM |
google — android | Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and Qualcomm internal bug CR563086. | 2016-08-06 | 6.8 | CVE-2014-9874 CONFIRM CONFIRM |
google — android | drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310. | 2016-08-06 | 6.8 | CVE-2014-9875 CONFIRM CONFIRM |
google — android | drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408. | 2016-08-06 | 6.8 | CVE-2014-9876 CONFIRM CONFIRM |
google — android | drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28768281 and Qualcomm internal bug CR547231. | 2016-08-06 | 6.8 | CVE-2014-9877 CONFIRM CONFIRM |
google — android | drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479. | 2016-08-06 | 6.8 | CVE-2014-9878 CONFIRM CONFIRM |
google — android | The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490. | 2016-08-06 | 6.8 | CVE-2014-9879 CONFIRM CONFIRM |
google — android | drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356. | 2016-08-06 | 6.8 | CVE-2014-9880 CONFIRM CONFIRM |
google — android | drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android internal bug 28769368 and Qualcomm internal bug CR539008. | 2016-08-06 | 6.8 | CVE-2014-9881 CONFIRM CONFIRM |
google — android | Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329. | 2016-08-06 | 6.8 | CVE-2014-9882 CONFIRM CONFIRM CONFIRM |
google — android | Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160. | 2016-08-06 | 6.8 | CVE-2014-9883 CONFIRM CONFIRM |
google — android | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740. | 2016-08-06 | 6.8 | CVE-2014-9884 CONFIRM CONFIRM |
google — android | Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261. | 2016-08-06 | 6.8 | CVE-2014-9885 CONFIRM CONFIRM |
google — android | arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030. | 2016-08-06 | 6.8 | CVE-2014-9886 CONFIRM CONFIRM |
google — android | drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712. | 2016-08-06 | 6.8 | CVE-2014-9889 CONFIRM CONFIRM |
google — android | The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717. | 2016-08-06 | 4.3 | CVE-2014-9892 CONFIRM CONFIRM |
google — android | drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm internal bug CR542223. | 2016-08-06 | 4.3 | CVE-2014-9893 CONFIRM CONFIRM |
google — android | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a ” character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736. | 2016-08-06 | 4.3 | CVE-2014-9894 CONFIRM CONFIRM |
google — android | drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739. | 2016-08-06 | 4.3 | CVE-2014-9895 CONFIRM CONFIRM CONFIRM CONFIRM |
google — android | drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795. | 2016-08-06 | 4.3 | CVE-2014-9896 CONFIRM CONFIRM |
google — android | sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bug CR563752. | 2016-08-06 | 4.3 | CVE-2014-9897 CONFIRM CONFIRM |
google — android | arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575. | 2016-08-06 | 4.3 | CVE-2014-9898 CONFIRM CONFIRM |
google — android | drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and Qualcomm internal bug CR547910. | 2016-08-06 | 4.3 | CVE-2014-9899 CONFIRM CONFIRM |
google — android | The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754. | 2016-08-06 | 4.3 | CVE-2014-9900 CONFIRM CONFIRM |
google — android | packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350. | 2016-08-07 | 5.0 | CVE-2015-3854 FULLDISC FULLDISC CONFIRM |
google — android | drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548. | 2016-08-06 | 6.8 | CVE-2015-8937 CONFIRM CONFIRM |
google — android | drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226. | 2016-08-06 | 6.8 | CVE-2015-8943 CONFIRM CONFIRM |
google — android | The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts. | 2016-08-06 | 4.3 | CVE-2015-8944 CONFIRM MLIST CONFIRM |
google — android | The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974. | 2016-08-05 | 6.9 | CVE-2016-2504 CONFIRM |
google — android | The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329. | 2016-08-05 | 4.6 | CVE-2016-3823 CONFIRM CONFIRM |
google — android | omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827. | 2016-08-05 | 4.6 | CVE-2016-3824 CONFIRM CONFIRM |
google — android | mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964. | 2016-08-05 | 4.6 | CVE-2016-3825 CONFIRM CONFIRM |
google — android | services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug 29251553. | 2016-08-05 | 4.6 | CVE-2016-3826 CONFIRM CONFIRM |
google — android | The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a “Year 2038 problem.” | 2016-08-05 | 5.0 | CVE-2016-3831 CONFIRM CONFIRM |
google — android | The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701. | 2016-08-05 | 4.3 | CVE-2016-3834 CONFIRM CONFIRM |
google — android | The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116. | 2016-08-05 | 4.3 | CVE-2016-3835 CONFIRM CONFIRM |
google — android | The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402. | 2016-08-05 | 4.3 | CVE-2016-3836 CONFIRM CONFIRM |
google — android | service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application that provides a MAC address with too few characters, aka internal bug 28164077. | 2016-08-05 | 4.3 | CVE-2016-3837 CONFIRM CONFIRM |
google — android | Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672. | 2016-08-05 | 4.3 | CVE-2016-3838 CONFIRM CONFIRM |
google — android | Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug 28885210. | 2016-08-05 | 4.3 | CVE-2016-3839 CONFIRM CONFIRM |
google — android | The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433. | 2016-08-05 | 6.9 | CVE-2016-3847 CONFIRM |
google — android | The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740. | 2016-08-05 | 6.9 | CVE-2016-3849 CONFIRM |
google — android | Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug CR945164. | 2016-08-05 | 6.9 | CVE-2016-3850 CONFIRM CONFIRM |
google — android | The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738. | 2016-08-05 | 4.3 | CVE-2016-3852 CONFIRM |
google — android | Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208. | 2016-08-05 | 4.9 | CVE-2016-3853 CONFIRM |
google — android | drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR897326. | 2016-08-06 | 6.8 | CVE-2016-3854 CONFIRM CONFIRM |
google — android | drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR990824. | 2016-08-06 | 6.8 | CVE-2016-3855 CONFIRM CONFIRM |
google — android | netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631. | 2016-08-06 | 6.8 | CVE-2016-3856 CONFIRM CONFIRM CONFIRM |
google — chrome | Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. | 2016-08-07 | 6.8 | CVE-2016-5139 CONFIRM CONFIRM CONFIRM |
google — chrome | Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp. | 2016-08-07 | 5.0 | CVE-2016-5141 CONFIRM CONFIRM CONFIRM |
google — chrome | Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | 2016-08-07 | 6.8 | CVE-2016-5145 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
haxx — libcurl | curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. | 2016-08-10 | 5.0 | CVE-2016-5419 DEBIAN MISC |
haxx — libcurl | curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. | 2016-08-10 | 5.0 | CVE-2016-5420 DEBIAN MISC |
hp — release_control | HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors. | 2016-08-07 | 4.0 | CVE-2016-4374 CONFIRM |
ibm — aix | IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | 2016-08-07 | 4.3 | CVE-2016-0266 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR CONFIRM |
ibm — vios | The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets. | 2016-08-07 | 4.3 | CVE-2016-0281 CONFIRM AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
ibm — general_parallel_file_system | IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by discovering ADMIN passwords. | 2016-08-07 | 4.0 | CVE-2016-0361 CONFIRM |
ibm — rational_publishing_engine | Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension. | 2016-08-07 | 5.5 | CVE-2016-2914 CONFIRM |
ibm — websphere_application_server | IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages. | 2016-08-07 | 4.3 | CVE-2016-2960 AIXAPAR CONFIRM |
ibm — connections_portlets | Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2016-08-07 | 5.8 | CVE-2016-2989 CONFIRM |
ibm — filenet_workplace | Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2016-08-07 | 4.9 | CVE-2016-5878 CONFIRM |
juniper — junos | Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to “safe mode” authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the “request system software” command with the “partition” option. | 2016-08-05 | 6.9 | CVE-2016-1278 CONFIRM BID SECTRACK |
libgd — libgd | gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function. | 2016-08-07 | 6.8 | CVE-2013-7456 CONFIRM CONFIRM MLIST CONFIRM CONFIRM CONFIRM |
libgd — libgd | gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name. | 2016-08-07 | 6.4 | CVE-2016-5116 DEBIAN MLIST CONFIRM CONFIRM |
libgd — libgd | Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. | 2016-08-07 | 6.8 | CVE-2016-5766 CONFIRM CONFIRM CONFIRM DEBIAN MLIST CONFIRM CONFIRM |
libgd — libgd | Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions. | 2016-08-07 | 6.8 | CVE-2016-5767 CONFIRM CONFIRM CONFIRM MLIST CONFIRM |
libgd — libgd | The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index. | 2016-08-07 | 5.0 | CVE-2016-6128 DEBIAN MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
libgd — libgd | The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | 2016-08-12 | 4.3 | CVE-2016-6132 DEBIAN MLIST MLIST BID CONFIRM CONFIRM |
libgd — libgd | The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. | 2016-08-12 | 4.3 | CVE-2016-6161 DEBIAN MLIST MLIST CONFIRM |
libgd — libgd | Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors. | 2016-08-12 | 4.3 | CVE-2016-6207 MISC DEBIAN BUGTRAQ SECTRACK CONFIRM CONFIRM MISC |
libgd — libgd | gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | 2016-08-12 | 4.3 | CVE-2016-6214 DEBIAN MLIST MLIST CONFIRM CONFIRM CONFIRM |
linux — linux_kernel | Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations. | 2016-08-06 | 4.9 | CVE-2016-5400 CONFIRM MLIST CONFIRM CONFIRM |
linux — linux_kernel | net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack. | 2016-08-06 | 4.3 | CVE-2016-5696 CONFIRM MLIST MISC CONFIRM CONFIRM |
linux — linux_kernel | net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via certain IPv6 socket operations. | 2016-08-06 | 4.6 | CVE-2016-6162 MLIST CONFIRM |
linux — linux_kernel | fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink. | 2016-08-06 | 4.9 | CVE-2016-6197 CONFIRM MLIST CONFIRM CONFIRM |
linux — linux_kernel | The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c. | 2016-08-06 | 4.9 | CVE-2016-6198 CONFIRM CONFIRM CONFIRM MLIST CONFIRM CONFIRM CONFIRM |
linux — linux_kernel | Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a “double fetch” vulnerability. | 2016-08-06 | 4.7 | CVE-2016-6480 BUGTRAQ CONFIRM |
linux — linux_kernel | Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a “double fetch” vulnerability. | 2016-08-06 | 4.4 | CVE-2016-6516 CONFIRM MLIST CONFIRM CONFIRM |
microsoft — windows_10 | Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows man-in-the-middle attackers to bypass authentication via vectors related to a fallback to NTLM authentication during a domain account password change, aka “Kerberos Security Feature Bypass Vulnerability.” | 2016-08-09 | 6.9 | CVE-2016-3237 MS |
microsoft — windows_10 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hijack network traffic or bypass intended Enhanced Protected Mode (EPM) or application container protection mechanisms, and consequently render untrusted content in a browser, by leveraging how NetBIOS validates responses, aka “NetBIOS Spoofing Vulnerability.” | 2016-08-09 | 4.3 | CVE-2016-3299 MS |
microsoft — windows_10 | ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka “Universal Outlook Information Disclosure Vulnerability.” | 2016-08-09 | 5.0 | CVE-2016-3312 MS |
microsoft — onenote | Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka “Microsoft OneNote Information Disclosure Vulnerability.” | 2016-08-09 | 4.3 | CVE-2016-3315 MS |
microsoft — windows_10 | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka “Secure Boot Security Feature Bypass.” | 2016-08-09 | 4.0 | CVE-2016-3320 MS |
php — php | The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function. | 2016-08-07 | 4.3 | CVE-2015-8935 MLIST CONFIRM CONFIRM |
php — php | sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging. | 2016-08-07 | 6.4 | CVE-2016-5114 CONFIRM CONFIRM CONFIRM MLIST MISC CONFIRM |
sap — hana | The SQL interface in SAP HANA provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as “False,” which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869. | 2016-08-05 | 5.0 | CVE-2016-6145 MISC MISC |
sophos — mobile_control_eas_proxy | Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability. | 2016-08-10 | 5.0 | CVE-2016-6597 BUGTRAQ BID MISC |
vmware — fusion | Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 2016-08-07 | 4.4 | CVE-2016-5330 CONFIRM |
vmware — vcenter_server | CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 2016-08-07 | 4.3 | CVE-2016-5331 CONFIRM |
wireshark — wireshark | epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 2016-08-07 | 4.3 | CVE-2016-5350 MLIST CONFIRM CONFIRM |
wireshark — wireshark | epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2016-08-07 | 4.3 | CVE-2016-5351 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2016-08-07 | 4.3 | CVE-2016-5352 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2016-08-07 | 4.3 | CVE-2016-5353 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2016-08-07 | 4.3 | CVE-2016-5354 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2016-08-07 | 4.3 | CVE-2016-5355 MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2016-08-07 | 4.3 | CVE-2016-5356 MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2016-08-07 | 4.3 | CVE-2016-5357 MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2016-08-07 | 4.3 | CVE-2016-5358 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet. | 2016-08-07 | 4.3 | CVE-2016-5359 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2016-08-06 | 4.3 | CVE-2016-6503 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. | 2016-08-06 | 4.3 | CVE-2016-6504 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. | 2016-08-06 | 4.3 | CVE-2016-6505 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 2016-08-06 | 4.3 | CVE-2016-6506 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 2016-08-06 | 4.3 | CVE-2016-6507 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. | 2016-08-06 | 4.3 | CVE-2016-6508 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2016-08-06 | 4.3 | CVE-2016-6509 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. | 2016-08-06 | 4.3 | CVE-2016-6510 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. | 2016-08-06 | 4.3 | CVE-2016-6511 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors. | 2016-08-06 | 4.3 | CVE-2016-6512 MLIST CONFIRM CONFIRM CONFIRM |
wireshark — wireshark | epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2016-08-06 | 4.3 | CVE-2016-6513 MLIST CONFIRM CONFIRM CONFIRM |
wordpress — wordpress | WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address. | 2016-08-07 | 5.0 | CVE-2016-4029 CONFIRM MISC |
wordpress — wordpress | Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-08-07 | 4.3 | CVE-2016-6634 CONFIRM MISC |
wordpress — wordpress | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option. | 2016-08-07 | 6.8 | CVE-2016-6635 CONFIRM CONFIRM |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — activemq | The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue. | 2016-08-05 | 3.5 | CVE-2016-0782 CONFIRM MISC BUGTRAQ CONFIRM |
ibm — information_server_framework | Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Business Glossary 8.7 before FP2, Information Server Framework and InfoSphere Information Server Business Glossary 9.1 before 9.1.2.0, Information Server Framework and InfoSphere Information Governance Catalog 11.3 before 11.3.1.2, and Information Server Framework and InfoSphere Information Governance Catalog 11.5 before 11.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2016-08-07 | 3.5 | CVE-2016-0280 AIXAPAR CONFIRM |
ibm — sterling_connect_direct_for_unix | IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations. | 2016-08-07 | 2.1 | CVE-2016-0380 AIXAPAR CONFIRM |
ibm — rational_publishing_engine | Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2016-08-07 | 3.5 | CVE-2016-2912 CONFIRM |
ibm — websphere_portal | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2016-08-07 | 3.5 | CVE-2016-2925 AIXAPAR CONFIRM |
ibm — filenet_workplace | Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file. | 2016-08-07 | 3.5 | CVE-2016-3054 CONFIRM |
ibm — tivoli_storage_flashcopy_manager_for_sql_server | IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI. | 2016-08-07 | 2.1 | CVE-2016-3059 CONFIRM |
linux — linux_kernel | Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a “double fetch” vulnerability. | 2016-08-06 | 1.9 | CVE-2016-6136 CONFIRM BUGTRAQ CONFIRM CONFIRM CONFIRM CONFIRM |
linux — linux_kernel | Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a “double fetch” vulnerability. | 2016-08-06 | 1.9 | CVE-2016-6156 CONFIRM BUGTRAQ MISC CONFIRM CONFIRM |
microsoft — internet_explorer | Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka “Internet Explorer Information Disclosure Vulnerability.” | 2016-08-09 | 1.9 | CVE-2016-3321 FULLDISC BUGTRAQ MS MISC |
microsoft — edge | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka “Microsoft Browser Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-3327. | 2016-08-09 | 2.6 | CVE-2016-3326 MS MS |
microsoft — edge | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka “Microsoft Browser Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-3326. | 2016-08-09 | 2.6 | CVE-2016-3327 MS MS |
microsoft — edge | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka “Internet Explorer Information Disclosure Vulnerability.” | 2016-08-09 | 2.6 | CVE-2016-3329 MS MS |
pivotal_software — redis | linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. | 2016-08-10 | 2.1 | CVE-2013-7458 DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
sap — hana_db | The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905. | 2016-08-05 | 2.1 | CVE-2016-3640 BID MISC MISC MISC |
sap — hana_sps09 | SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941. | 2016-08-05 | 2.1 | CVE-2016-6149 BID MISC MISC |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
sap — sapcar | SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384. | 2016-08-12 | Not yet calculated | CVE-2016-5847 MISC FULLDISC BUGTRAQ BID MISC |
sap — sapcar | SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905. | 2016-08-12 | Not yet calculated | CVE-2016-5845 MISC FULLDISC BUGTRAQ BID MISC MISC |
scientific_linux — fontconfig | fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. | 2016-08-12 | Not yet calculated | CVE-2016-5384 DEBIAN CONFIRM FEDORA MLIST |
This product is provided subject to this Notification and this Privacy & Use policy.