US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
Original release date: June 29, 2016
Symantec has released security updates to address vulnerabilities in multiple products. Exploitation of some of these vulnerabilities may allow an attacker to take control of an affected system and cause a denial-of-service condition.
Users and administrators are encouraged to review Symantec Security Advisories SYM16-010 and SYM16-011 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: June 27, 2016
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple — mac_os_x | The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846. | 2016-06-19 | 9.3 | CVE-2016-1861 CONFIRM APPLE |
| cisco — rv110w_wireless-n_vpn_firewall_firmware | The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428. | 2016-06-18 | 10.0 | CVE-2016-1395 CISCO |
| dx_library_project — dx_library | The printfDx function in Takumi Yamada DX Library for Borland C++ 3.13f through 3.16b, DX Library for Gnu C++ 3.13f through 3.16b, and DX Library for Visual C++ 3.13f through 3.16b allows remote attackers to execute arbitrary code via a crafted string. | 2016-06-18 | 7.5 | CVE-2016-4819 JVNDB JVN CONFIRM |
| emc — data_domain | EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges. | 2016-06-19 | 7.2 | CVE-2016-0911 BUGTRAQ |
| emc — data_domain | EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account’s session at an unattended workstation. | 2016-06-19 | 9.0 | CVE-2016-0912 BUGTRAQ |
| fonality — fonality | Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection. | 2016-06-19 | 10.0 | CVE-2016-2362 CERT-VN |
| fonality — fonality | Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account. | 2016-06-19 | 7.2 | CVE-2016-2363 CERT-VN |
| netcommons — netcommons | NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account. | 2016-06-18 | 9.0 | CVE-2016-4813 CONFIRM JVNDB JVN |
| openssl — openssl | OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. | 2016-06-19 | 7.5 | CVE-2016-2177 CONFIRM CONFIRM |
| solarwinds — virtualization_manager | The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 2016-06-17 | 10.0 | CVE-2016-3642 FULLDISC FULLDISC MISC |
| solarwinds — virtualization_manager | SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by “sudo cat /etc/passwd.” | 2016-06-17 | 7.2 | CVE-2016-3643 FULLDISC MISC |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple — mac_os_x | Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862. | 2016-06-19 | 4.3 | CVE-2016-1860 CONFIRM APPLE |
| apple — mac_os_x | Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860. | 2016-06-19 | 4.3 | CVE-2016-1862 CONFIRM APPLE |
| apple — safari | The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL. | 2016-06-19 | 5.0 | CVE-2016-1864 CONFIRM CONFIRM APPLE APPLE |
| buffalo — wzr-600dhp2_firmware | Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 2016-06-18 | 5.0 | CVE-2016-4815 CONFIRM JVNDB JVN |
| buffalo — wzr-600dhp2_firmware | BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. | 2016-06-18 | 4.3 | CVE-2016-4816 CONFIRM JVNDB JVN |
| cisco — ios | Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476. | 2016-06-22 | 5.0 | CVE-2015-6289 CISCO |
| cisco — rv110w_wireless-n_vpn_firewall_firmware | Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583. | 2016-06-18 | 4.3 | CVE-2016-1396 CISCO |
| cisco — rv110w_wireless-n_vpn_firewall_firmware | Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523. | 2016-06-18 | 6.8 | CVE-2016-1397 CISCO |
| cisco — ios | Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. | 2016-06-18 | 6.1 | CVE-2016-1424 CISCO |
| cisco — prime_network_registrar | The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694. | 2016-06-17 | 5.0 | CVE-2016-1427 CISCO |
| cisco — ios_xe | Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174. | 2016-06-22 | 6.8 | CVE-2016-1428 CISCO |
| cisco — firepower_management_center | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516. | 2016-06-17 | 4.3 | CVE-2016-1431 CISCO |
| cisco — ios_xe | Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862. | 2016-06-17 | 6.8 | CVE-2016-1432 CISCO |
| cisco — ip_phone_8800_series_firmware | The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. | 2016-06-22 | 4.0 | CVE-2016-1434 CISCO |
| cisco — ip_phone_8800_series_firmware | Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. | 2016-06-22 | 6.2 | CVE-2016-1435 CISCO |
| cisco — asr_5000_software | The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198. | 2016-06-22 | 5.0 | CVE-2016-1436 CISCO |
| cisco — prime_collaboration_deployment | SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549. | 2016-06-22 | 4.0 | CVE-2016-1437 CISCO |
| cisco — asyncos | Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210. | 2016-06-22 | 5.0 | CVE-2016-1438 CISCO |
| cisco — unified_contact_center_enterprise | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650. | 2016-06-22 | 4.3 | CVE-2016-1439 CISCO |
| citrix — ios_receiver | Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. | 2016-06-17 | 5.8 | CVE-2016-5433 CONFIRM |
| cybozu — garoon | Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196. | 2016-06-19 | 4.3 | CVE-2015-7776 CONFIRM CONFIRM CONFIRM CONFIRM JVNDB JVN |
| cybozu — garoon | Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. | 2016-06-19 | 5.0 | CVE-2016-1191 CONFIRM JVNDB JVN |
| cybozu — garoon | Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. | 2016-06-19 | 4.0 | CVE-2016-1192 CONFIRM JVNDB JVN |
| cybozu — garoon | Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | 2016-06-19 | 5.8 | CVE-2016-1195 CONFIRM JVNDB JVN |
| cybozu — garoon | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. | 2016-06-19 | 4.0 | CVE-2016-1196 CONFIRM JVNDB JVN |
| cybozu — garoon | Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775. | 2016-06-19 | 4.3 | CVE-2016-1197 CONFIRM JVNDB JVN |
| emc — documentum_administrator | EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface. | 2016-06-22 | 6.5 | CVE-2016-0914 BUGTRAQ |
| fonality — fonality | The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers’ installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 2016-06-19 | 5.0 | CVE-2016-2364 CERT-VN |
| gsi — old_gsi_maps | Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors. | 2016-06-18 | 5.0 | CVE-2016-4814 CONFIRM JVNDB JVN |
| h2o_project — h2o | lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet. | 2016-06-18 | 5.0 | CVE-2016-4817 CONFIRM CONFIRM JVNDB JVN |
| hp — service_manager | HP Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components. | 2016-06-18 | 6.0 | CVE-2016-4371 CONFIRM |
| ibm — elastic_storage_server | IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program. | 2016-06-19 | 4.6 | CVE-2016-0392 AIXAPAR CONFIRM |
| iodata — etx-r_firmware | Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. | 2016-06-18 | 6.8 | CVE-2016-4820 CONFIRM JVNDB JVN |
| iodata — etx-r_firmware | I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. | 2016-06-18 | 5.0 | CVE-2016-4821 CONFIRM JVNDB JVN |
| moxa — pt-7728_firmware | Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy. | 2016-06-19 | 4.6 | CVE-2016-4514 MISC |
| netgear — d3600_firmware | NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers’ installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 2016-06-19 | 4.3 | CVE-2015-8288 CERT-VN CONFIRM |
| netgear — d3600_firmware | The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code. | 2016-06-19 | 4.3 | CVE-2015-8289 CERT-VN CONFIRM |
| ntt-bp — japan_connected-free_wi-fi | The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and 1.13.0 and earlier for iOS allows man-in-the-middle attackers to obtain API access via unspecified vectors. | 2016-06-19 | 5.1 | CVE-2016-4811 CONFIRM CONFIRM JVNDB JVN CONFIRM |
| nttdata — terasoluna_server_framework_for_java_web | NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname. | 2016-06-18 | 4.3 | CVE-2016-1183 CONFIRM JVNDB JVN |
| openstack — neutron | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. | 2016-06-17 | 6.4 | CVE-2015-8914 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST |
| openstack — neutron | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. | 2016-06-17 | 6.4 | CVE-2016-5362 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST |
| openstack — neutron | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic. | 2016-06-17 | 6.4 | CVE-2016-5363 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST |
| osisoft — pi_af_server_2016 | OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. | 2016-06-19 | 4.0 | CVE-2016-4518 MISC CONFIRM |
| oslsoft — pi_sql_data_access_server_2016 | OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message. | 2016-06-19 | 4.0 | CVE-2016-4530 MISC CONFIRM |
| trend_micro — business_security | Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. | 2016-06-18 | 5.0 | CVE-2016-1223 JVNDB JVN CONFIRM |
| trend_micro — business_security | CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. | 2016-06-18 | 4.3 | CVE-2016-1224 JVNDB JVN CONFIRM |
| trendmicro — internet_security | Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. | 2016-06-19 | 5.0 | CVE-2016-1225 CONFIRM JVNDB JVN |
| trendmicro — internet_security | Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-06-19 | 4.3 | CVE-2016-1226 CONFIRM JVNDB JVN |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cybozu — garoon | Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197. | 2016-06-19 | 3.5 | CVE-2015-7775 CONFIRM JVNDB JVN |
| ibm — websphere_mq | IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program. | 2016-06-19 | 2.1 | CVE-2015-7462 CONFIRM |
| openssl — openssl | The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | 2016-06-19 | 2.1 | CVE-2016-2178 CONFIRM CONFIRM MLIST MLIST MISC |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| advantech — webaccess | Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. | 2016-06-24 | not yet calculated | CVE-2016-4528 MISC |
| advantech — webaccess | Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. | 2016-06-24 | not yet calculated | CVE-2016-4525 MISC |
| alertus — desktop_notification | Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations. | 2016-06-25 | not yet calculated | CVE-2016-5087 CONFIRM CERT-VN |
| apple — mdnsresponder | Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function. | 2016-06-25 | not yet calculated | CVE-2015-7987 CERT-VN CONFIRM |
| apple — mdnsresponder | The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. | 2016-06-25 | CVE-2015-7988 CERT-VN CONFIRM |
|
| corega — cg_wlbaragm | Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors. | 2016-06-25 | not yet calculated | CVE-2016-4823 JVNDB JVN CONFIRM |
| corega — cg_wlbargl | Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors. | 2016-06-25 | not yet calculated | CVE-2016-4822 JVNDB JVN CONFIRM |
| corega — wifi | The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack. | 2016-06-25 | not yet calculated | CVE-2016-4824 JVNDB JVN CONFIRM |
| curl — libcurl | Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. | 2016-06-24 | not yet calculated | CVE-2016-4802 CONFIRM SECTRACK |
| cybozu — garoon | Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. | 2016-06-25 | not yet calculated | CVE-2016-1190 CONFIRM CONFIRM JVNDB JVN |
| cybozu — garoon | Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. | 2016-06-25 | not yet calculated | CVE-2016-1193 CONFIRM JVNDB JVN |
| cybozu — garoon | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. | 2016-06-25 | not yet calculated | CVE-2016-1189 CONFIRM CONFIRM JVNDB JVN |
| cybozu — garoon | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. | 2016-06-25 | not yet calculatednot yet calculated | CVE-2016-1188 CONFIRM CONFIRM JVNDB JVN |
| f5 — icontrol_rest | The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors. | 2016-06-24 | not yet calculated | CVE-2016-5021 CONFIRM |
| huawei — fusioninsight | Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors. | 2016-06-24 | not yet calculated | CVE-2016-5723 CONFIRM |
| huawei — ips_module | Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet. | 2016-06-24 | not yet calculated | CVE-2016-5435 CONFIRM |
| ibm — websphere_portal | Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2016-06-25 | not yet calculated | CVE-2016-2901 CONFIRM AIXAPAR |
| oceanstor — oceanstor | OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network. | 2016-06-24 | not yet calculated | CVE-2016-5722 CONFIRM |
| schneider — powerlogic | Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-06-25 | not yet calculated | CVE-2016-4513 MISC |
| solarwinds — virtualization_ manager | SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. | 2016-06-24 | not yet calculated | CVE-2016-5709 FULLDISC |
| unitronics — visilogic | Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file. | 2016-06-24 | not yet calculated | CVE-2016-4519 MISC MISC |
| wordpress — e-commerce_plugin | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826. | 2016-06-25 | not yet calculated | CVE-2016-4827 CONFIRM JVNDB JVN |
| wordpress — e-commerce_plugin | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827. | 2016-06-25 | not yet calculated | CVE-2016-4826 CONFIRM JVNDB JVN |
| wordpress — e_commerce_plugin | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. | 2016-06-25 | not yet calculated | CVE-2016-4825 CONFIRM JVNDB JVN |
| wordpress — e-commerce_plugin | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. | 2016-06-25 | not yet calculated | CVE-2016-4828 CONFIRM JVNDB JVN |
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: June 24, 2016
The Internal Revenue Service (IRS) has issued two news releases addressing new safeguards to protect taxpayers and strengthen authentication requirements. The electronic filing (e-File) PIN, an alternative signature verification tool used to assist with electronic tax filing, will no longer be available after suspicious activity was recently detected. Additionally, new requirements are in place to enhance validation for participants using the Income Verification Express Service (IVES), a service used to verify loan applicants’ incomes.
US-CERT encourages users and administrators to review the IRS news releases e-File PIN and Steps to Strengthen IVES Program for details and refer to US-CERT Security Tip ST04-013 for information on protecting your privacy.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: June 22, 2016
WordPress 4.5.2 and prior versions are affected by several security issues. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.5.3.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: June 21, 2016
Apple has released a security update to address a vulnerability in AirPort Base Station (Wi-Fi enabled devices). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review the Apple security page for AirPort Base Station and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: June 20, 2016
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — air_desktop_runtime | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163. | 2016-06-16 | 7.5 | CVE-2016-4120 CONFIRM |
| adobe — air_desktop_runtime | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, and CVE-2016-4110. | 2016-06-16 | 7.5 | CVE-2016-4121 CONFIRM |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4122 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4123 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4124 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4125 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4126 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4127 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 10.0 | CVE-2016-4128 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 10.0 | CVE-2016-4129 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4130 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4131 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4132 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4133 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4134 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4135 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4136 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4137 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 10.0 | CVE-2016-4138 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4139 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4140 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4141 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4142 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4143 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4144 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4145 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4146 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4147 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4148 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4149 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4150 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4151 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4152 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4153 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4154 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4155 MS |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 9.3 | CVE-2016-4156 MS |
| adobe — air_desktop_runtime | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163. | 2016-06-16 | 7.5 | CVE-2016-4160 CONFIRM |
| adobe — air_desktop_runtime | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4162, and CVE-2016-4163. | 2016-06-16 | 7.5 | CVE-2016-4161 CONFIRM |
| adobe — air_desktop_runtime | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4163. | 2016-06-16 | 7.5 | CVE-2016-4162 CONFIRM |
| adobe — air_desktop_runtime | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4162. | 2016-06-16 | 7.5 | CVE-2016-4163 CONFIRM |
| adobe — brackets | The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input. | 2016-06-16 | 10.0 | CVE-2016-4165 CONFIRM |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | 2016-06-16 | 10.0 | CVE-2016-4166 MS |
| adobe — dng_software_development_kit | Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2016-06-16 | 7.5 | CVE-2016-4167 CONFIRM |
| adobe — flash_player | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016. | 2016-06-16 | 10.0 | CVE-2016-4171 CONFIRM |
| citrix — xenserver | Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to “compromise” a host by leveraging credentials for an Active Directory account. | 2016-06-13 | 7.5 | CVE-2016-5302 CONFIRM SECTRACK CONFIRM |
| fasterxml — jackson | XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors. | 2016-06-10 | 10.0 | CVE-2016-3720 FEDORA |
| google — android | Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation, aka internal bug 27855419. | 2016-06-12 | 7.5 | CVE-2016-2463 CONFIRM CONFIRM |
| google — android | libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726. | 2016-06-12 | 9.3 | CVE-2016-2464 CONFIRM CONFIRM CONFIRM |
| google — android | The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407865. | 2016-06-12 | 9.3 | CVE-2016-2465 CONFIRM |
| google — android | The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka internal bug 27947307. | 2016-06-12 | 9.3 | CVE-2016-2466 CONFIRM |
| google — android | The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28029010. | 2016-06-12 | 9.3 | CVE-2016-2467 CONFIRM |
| google — android | The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 devices allows attackers to gain privileges via a crafted application, aka internal bug 27475454. | 2016-06-12 | 9.3 | CVE-2016-2468 CONFIRM |
| google — android | The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27531992. | 2016-06-12 | 9.3 | CVE-2016-2469 CONFIRM |
| google — android | The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27662174. | 2016-06-12 | 9.3 | CVE-2016-2470 CONFIRM |
| google — android | The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27773913. | 2016-06-12 | 9.3 | CVE-2016-2471 CONFIRM |
| google — android | The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27776888. | 2016-06-12 | 9.3 | CVE-2016-2472 CONFIRM |
| google — android | The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27777501. | 2016-06-12 | 9.3 | CVE-2016-2473 CONFIRM |
| google — android | The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 27424603. | 2016-06-12 | 9.3 | CVE-2016-2474 CONFIRM |
| google — android | mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27207275. | 2016-06-12 | 9.3 | CVE-2016-2476 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| google — android | mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27251096. | 2016-06-12 | 9.3 | CVE-2016-2477 CONFIRM CONFIRM |
| google — android | mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27475409. | 2016-06-12 | 9.3 | CVE-2016-2478 CONFIRM CONFIRM |
| google — android | The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532282. | 2016-06-12 | 9.3 | CVE-2016-2479 CONFIRM CONFIRM |
| google — android | The mm-video-v4l2 vidc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate certain OMX parameter data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532721. | 2016-06-12 | 9.3 | CVE-2016-2480 CONFIRM CONFIRM |
| google — android | The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532497. | 2016-06-12 | 9.3 | CVE-2016-2481 CONFIRM CONFIRM |
| google — android | The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27661749. | 2016-06-12 | 9.3 | CVE-2016-2482 CONFIRM CONFIRM |
| google — android | The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27662502. | 2016-06-12 | 9.3 | CVE-2016-2483 CONFIRM CONFIRM |
| google — android | libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793163. | 2016-06-12 | 9.3 | CVE-2016-2484 CONFIRM CONFIRM |
| google — android | libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793367. | 2016-06-12 | 9.3 | CVE-2016-2485 CONFIRM CONFIRM |
| google — android | mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate the relationship between allocated memory and the frame size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793371. | 2016-06-12 | 9.3 | CVE-2016-2486 CONFIRM CONFIRM |
| google — android | libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27833616. | 2016-06-12 | 9.3 | CVE-2016-2487 CONFIRM CONFIRM CONFIRM CONFIRM |
| google — android | The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27600832. | 2016-06-12 | 9.3 | CVE-2016-2488 CONFIRM |
| google — android | The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407629. | 2016-06-12 | 9.3 | CVE-2016-2489 CONFIRM |
| google — android | The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27533373. | 2016-06-12 | 9.3 | CVE-2016-2490 CONFIRM |
| google — android | The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408. | 2016-06-12 | 9.3 | CVE-2016-2491 CONFIRM |
| google — android | The MediaTek power-management driver in Android before 2016-06-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 28085410. | 2016-06-12 | 9.3 | CVE-2016-2492 CONFIRM |
| google — android | The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522. | 2016-06-12 | 9.3 | CVE-2016-2493 CONFIRM |
| google — android | Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658. | 2016-06-12 | 9.3 | CVE-2016-2494 CONFIRM CONFIRM |
| google — android | SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28076789. | 2016-06-12 | 7.1 | CVE-2016-2495 CONFIRM CONFIRM CONFIRM |
| google — android | The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796. | 2016-06-12 | 10.0 | CVE-2016-2496 CONFIRM CONFIRM CONFIRM CONFIRM |
| graphicsmagick — graphicsmagick | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. | 2016-06-10 | 10.0 | CVE-2016-5118 SECTRACK SECTRACK MLIST MLIST DEBIAN SUSE SUSE SUSE SUSE CONFIRM CONFIRM CONFIRM |
| huawei — hilink_app | The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. | 2016-06-13 | 7.5 | CVE-2016-4005 CONFIRM |
| huawei — rse6500_firmware | Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a crafted packet, aka HWPSIRT-2016-05054. | 2016-06-13 | 9.3 | CVE-2016-5234 CONFIRM |
| huawei — honor_ws851_firmware | Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051. | 2016-06-14 | 10.0 | CVE-2016-5365 CONFIRM |
| libexpat — expat | The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. | 2016-06-16 | 7.8 | CVE-2016-5300 MLIST MLIST DEBIAN |
| linux — linux_kernel | Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call. | 2016-06-12 | 9.3 | CVE-2016-2061 CONFIRM CONFIRM CONFIRM |
| linux — linux_kernel | Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that makes an ioctl call. | 2016-06-12 | 9.3 | CVE-2016-2066 CONFIRM CONFIRM CONFIRM |
| microsoft — office | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” | 2016-06-15 | 9.3 | CVE-2016-0025 MS |
| microsoft — internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0200 and CVE-2016-3211. | 2016-06-15 | 9.3 | CVE-2016-0199 MS |
| microsoft — internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0199 and CVE-2016-3211. | 2016-06-15 | 9.3 | CVE-2016-0200 MS |
| microsoft — edge | The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3214. | 2016-06-15 | 9.3 | CVE-2016-3199 MS |
| microsoft — chakra_javascript | The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability.” | 2016-06-15 | 7.6 | CVE-2016-3202 MS MS |
| microsoft — edge | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka “Windows PDF Remote Code Execution Vulnerability.” | 2016-06-15 | 9.3 | CVE-2016-3203 MS MS |
| microsoft — jscript | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3206 and CVE-2016-3207. | 2016-06-15 | 7.6 | CVE-2016-3205 MS MS |
| microsoft — jscript | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3205 and CVE-2016-3207. | 2016-06-15 | 9.3 | CVE-2016-3206 MS MS |
| microsoft — jscript | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3205 and CVE-2016-3206. | 2016-06-15 | 7.6 | CVE-2016-3207 MS MS |
| microsoft — internet_explorer | The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability.” | 2016-06-15 | 9.3 | CVE-2016-3210 MS |
| microsoft — internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0199 and CVE-2016-0200. | 2016-06-15 | 9.3 | CVE-2016-3211 MS |
| microsoft — internet_explorer | The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka “WPAD Elevation of Privilege Vulnerability.” | 2016-06-15 | 9.3 | CVE-2016-3213 MS MS |
| microsoft — edge | The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3199. | 2016-06-15 | 9.3 | CVE-2016-3214 MS |
| microsoft — edge | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability.” | 2016-06-15 | 9.3 | CVE-2016-3222 MS |
| microsoft — windows_10 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authentication, which allows man-in-the-middle attackers to gain privileges by modifying group-policy update data within a domain-controller data stream, aka “Group Policy Elevation of Privilege Vulnerability.” | 2016-06-15 | 9.3 | CVE-2016-3223 MS |
| microsoft — windows_server_2012 | Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka “Windows DNS Server Use After Free Vulnerability.” | 2016-06-15 | 10.0 | CVE-2016-3227 MS |
| microsoft — windows_server_2008 | Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka “Windows Netlogon Memory Corruption Remote Code Execution Vulnerability.” | 2016-06-15 | 9.0 | CVE-2016-3228 MS |
| microsoft — windows_diagnostics_hub | The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka “Windows Diagnostics Hub Elevation of Privilege Vulnerability.” | 2016-06-15 | 7.2 | CVE-2016-3231 MS |
| microsoft — excel | Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” | 2016-06-15 | 9.3 | CVE-2016-3233 MS |
| microsoft — visio | Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka “Microsoft Office OLE DLL Side Loading Vulnerability.” | 2016-06-15 | 9.3 | CVE-2016-3235 MS |
| microsoft — windows_10 | The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka “Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability.” | 2016-06-15 | 10.0 | CVE-2016-3236 MS |
| mozilla — firefox | The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file. | 2016-06-13 | 7.2 | CVE-2016-2826 CONFIRM SECTRACK CONFIRM |
| mozilla — firefox | Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. | 2016-06-13 | 9.3 | CVE-2016-2834 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU SECTRACK CONFIRM SUSE SUSE |
| puppetlabs — puppet | Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding. | 2016-06-10 | 7.5 | CVE-2016-2785 GENTOO CONFIRM CONFIRM |
| puppetlabs — puppet_agent | The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate. | 2016-06-10 | 7.5 | CVE-2016-2786 GENTOO CONFIRM |
| solarwinds — virtualization_manager | The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 2016-06-17 | 10.0 | CVE-2016-3642 FULLDISC FULLDISC MISC |
| solarwinds — virtualization_manager | SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by “sudo cat /etc/passwd.” | 2016-06-17 | 7.2 | CVE-2016-3643 FULLDISC MISC |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — creative_cloud | Untrusted search path vulnerability in the installer in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse resource in an unspecified directory. | 2016-06-16 | 6.9 | CVE-2016-4157 CONFIRM |
| adobe — creative_cloud | Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. | 2016-06-16 | 6.9 | CVE-2016-4158 CONFIRM |
| adobe — coldfusion | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-06-16 | 4.3 | CVE-2016-4159 CONFIRM |
| adobe — brackets | Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2016-06-16 | 4.3 | CVE-2016-4164 CONFIRM |
| apache — ranger | SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime. | 2016-06-13 | 6.5 | CVE-2016-2174 CONFIRM MLIST |
| apache — cloudstack | Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin. | 2016-06-10 | 5.8 | CVE-2016-3085 BUGTRAQ MISC |
| atheme — atheme | modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks. | 2016-06-13 | 5.0 | CVE-2014-9773 CONFIRM CONFIRM MLIST MLIST SUSE |
| atheme — atheme | Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding. | 2016-06-13 | 5.0 | CVE-2016-4478 CONFIRM MLIST MLIST DEBIAN SUSE |
| bmc — bladelogic_server_automation_console | The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure. | 2016-06-13 | 5.0 | CVE-2016-1542 CONFIRM MISC BUGTRAQ MISC |
| bmc — bladelogic_server_automation_console | The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure. | 2016-06-13 | 5.0 | CVE-2016-1543 CONFIRM MISC BUGTRAQ MISC |
| citrix — ios_receiver | Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. | 2016-06-17 | 5.8 | CVE-2016-5433 CONFIRM |
| f5 — big-ip_access_policy_manager | Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter. | 2016-06-16 | 4.0 | CVE-2016-3687 CONFIRM SECTRACK |
| ffmpeg — ffmpeg | The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. | 2016-06-16 | 6.8 | CVE-2016-3062 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM DEBIAN |
| google — android | The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges for certain system calls via a crafted application, aka internal bug 26425765. | 2016-06-12 | 6.8 | CVE-2016-2475 CONFIRM |
| google — android | The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162. | 2016-06-12 | 4.3 | CVE-2016-2498 CONFIRM |
| google — android | AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 27855172. | 2016-06-12 | 4.3 | CVE-2016-2499 CONFIRM CONFIRM |
| google — android | Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814. | 2016-06-12 | 4.3 | CVE-2016-2500 CONFIRM CONFIRM |
| huawei — hilink_app | The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. | 2016-06-13 | 6.8 | CVE-2016-3677 CONFIRM |
| huawei — mate_8_firmware | Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors involving improper security status verification, aka HWPSIRT-2015-12007. | 2016-06-10 | 4.3 | CVE-2016-5233 CONFIRM |
| huawei — honor_ws851_firmware | Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a “file injection vulnerability,” aka HWPSIRT-2016-05052. | 2016-06-14 | 5.0 | CVE-2016-5366 CONFIRM |
| huawei — honor_ws851_firmware | Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053. | 2016-06-14 | 5.0 | CVE-2016-5367 CONFIRM |
| libexpat — expat | Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. | 2016-06-16 | 4.3 | CVE-2012-6702 MLIST MLIST DEBIAN |
| libimobiledevice — libimobiledevice | The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket. | 2016-06-13 | 5.0 | CVE-2016-5104 CONFIRM CONFIRM CONFIRM MLIST MLIST SUSE |
| libksba_project — libskba | ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. | 2016-06-13 | 5.0 | CVE-2016-4353 GENTOO UBUNTU MLIST MLIST CONFIRM |
| libksba_project — libskba | ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | 2016-06-13 | 5.0 | CVE-2016-4354 GENTOO UBUNTU MLIST MLIST CONFIRM |
| libksba_project — libskba | Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | 2016-06-13 | 5.0 | CVE-2016-4355 GENTOO UBUNTU MLIST MLIST CONFIRM |
| libksba_project — libskba | The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data. | 2016-06-13 | 5.0 | CVE-2016-4356 GENTOO UBUNTU MLIST MLIST MLIST CONFIRM |
| libksba_project — libskba | Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356. | 2016-06-13 | 5.0 | CVE-2016-4574 UBUNTU MLIST MLIST SUSE SUSE CONFIRM |
| libksba_project — libskba | Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the “returned length of the object from _ksba_ber_parse_tl.” | 2016-06-13 | 5.0 | CVE-2016-4579 UBUNTU MLIST MLIST SUSE CONFIRM |
| libndp — libndp | libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network. | 2016-06-13 | 6.8 | CVE-2016-3698 REDHAT CONFIRM CONFIRM UBUNTU MLIST DEBIAN |
| libreswan — libreswan | programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each. | 2016-06-16 | 5.0 | CVE-2016-5361 CONFIRM MLIST MLIST |
| liferay — liferay_portal | Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field. | 2016-06-13 | 4.3 | CVE-2016-3670 EXPLOIT-DB MISC CONFIRM SECTRACK FULLDISC MISC |
| microsoft — outlook_web_access | Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka “Microsoft Exchange Information Disclosure Vulnerability.” | 2016-06-15 | 4.3 | CVE-2016-0028 MS |
| microsoft — edge | Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka “Microsoft Edge Security Feature Bypass.” | 2016-06-15 | 4.3 | CVE-2016-3198 MS |
| microsoft — edge | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka “Windows PDF Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-3215. | 2016-06-15 | 4.3 | CVE-2016-3201 MS MS |
| microsoft — internet_explorer | The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka “Internet Explorer XSS Filter Vulnerability.” | 2016-06-15 | 4.3 | CVE-2016-3212 MS |
| microsoft — edge | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka “Windows PDF Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-3201. | 2016-06-15 | 4.3 | CVE-2016-3215 MS MS |
| microsoft — windows_10 | GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka “Windows Graphics Component Information Disclosure Vulnerability.” | 2016-06-15 | 4.3 | CVE-2016-3216 MS |
| microsoft — windows_10 | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-3221. | 2016-06-15 | 6.9 | CVE-2016-3218 MS |
| microsoft — windows_10 | The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” | 2016-06-15 | 6.9 | CVE-2016-3219 MS |
| microsoft — windows_10 | atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “ATMFD.dll Elevation of Privilege Vulnerability.” | 2016-06-15 | 6.9 | CVE-2016-3220 MS |
| microsoft — windows_10 | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-3218. | 2016-06-15 | 6.9 | CVE-2016-3221 MS |
| microsoft — windows_10 | The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka “Windows SMB Server Elevation of Privilege Vulnerability.” | 2016-06-15 | 6.9 | CVE-2016-3225 MS |
| microsoft — windows_server_2008 | Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka “Active Directory Denial of Service Vulnerability.” | 2016-06-15 | 4.0 | CVE-2016-3226 MS |
| microsoft — office | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka “Microsoft Office Information Disclosure Vulnerability.” | 2016-06-15 | 4.3 | CVE-2016-3234 MS |
| mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2016-06-13 | 6.8 | CVE-2016-2815 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU SECTRACK CONFIRM SUSE SUSE |
| mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2016-06-13 | 6.8 | CVE-2016-2818 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU SECTRACK CONFIRM DEBIAN SUSE SUSE |
| mozilla — firefox | Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element. | 2016-06-13 | 6.8 | CVE-2016-2819 CONFIRM UBUNTU SECTRACK CONFIRM DEBIAN SUSE SUSE |
| mozilla — firefox | Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor. | 2016-06-13 | 6.8 | CVE-2016-2821 CONFIRM UBUNTU SECTRACK CONFIRM DEBIAN SUSE SUSE |
| mozilla — firefox | Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. | 2016-06-13 | 4.3 | CVE-2016-2822 CONFIRM UBUNTU SECTRACK CONFIRM DEBIAN SUSE SUSE |
| mozilla — firefox | The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array. | 2016-06-13 | 6.8 | CVE-2016-2824 CONFIRM SECTRACK CONFIRM SUSE SUSE |
| mozilla — firefox | Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | 2016-06-13 | 4.3 | CVE-2016-2825 CONFIRM UBUNTU SECTRACK CONFIRM SUSE SUSE |
| mozilla — firefox | Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture’s recycle pool. | 2016-06-13 | 6.8 | CVE-2016-2828 CONFIRM UBUNTU SECTRACK CONFIRM DEBIAN SUSE SUSE |
| mozilla — firefox | Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission. | 2016-06-13 | 4.3 | CVE-2016-2829 CONFIRM UBUNTU SECTRACK CONFIRM SUSE SUSE |
| mozilla — firefox | Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site. | 2016-06-13 | 5.8 | CVE-2016-2831 CONFIRM UBUNTU SECTRACK CONFIRM DEBIAN SUSE SUSE |
| mozilla — firefox | Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes. | 2016-06-13 | 4.3 | CVE-2016-2832 CONFIRM UBUNTU SECTRACK CONFIRM SUSE SUSE |
| mozilla — firefox | Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet. | 2016-06-13 | 4.3 | CVE-2016-2833 CONFIRM UBUNTU SECTRACK CONFIRM SUSE SUSE |
| ocaml — ocaml | OCamel before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function. | 2016-06-13 | 6.4 | CVE-2015-8869 CONFIRM MLIST MLIST SUSE FEDORA |
| openstack — neutron | The IPTables firewall in OpenStack Neutron 7.0.x through 7.0.4 (Liberty) and 8.0.x through 8.1.0 (Mitaka) allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. | 2016-06-17 | 6.4 | CVE-2015-8914 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST |
| openstack — neutron | The IPTables firewall in OpenStack Neutron 7.0.x through 7.0.4 (Liberty) and 8.0.x through 8.1.0 (Mitaka) allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. | 2016-06-17 | 6.4 | CVE-2016-5362 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST |
| openstack — neutron | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic. | 2016-06-17 | 6.4 | CVE-2016-5363 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST |
| openstack_project — openstack_identity | The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token. | 2016-06-13 | 4.0 | CVE-2016-4911 CONFIRM CONFIRM CONFIRM MLIST MLIST |
| qemu — qemu | The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer. | 2016-06-14 | 4.6 | CVE-2016-5338 MLIST MLIST MLIST CONFIRM |
| quassel-irc — quassel | The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. | 2016-06-13 | 5.0 | CVE-2016-4414 CONFIRM MLIST MLIST CONFIRM SUSE FEDORA FEDORA FEDORA |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| microsoft — windows_10 | The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka “Windows Search Component Denial of Service Vulnerability.” | 2016-06-15 | 1.9 | CVE-2016-3230 MS |
| microsoft — windows_server_2012 | The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted application, aka “Windows Virtual PCI Information Disclosure Vulnerability.” | 2016-06-15 | 2.1 | CVE-2016-3232 MS |
| qemu — qemu | The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers. | 2016-06-16 | 2.1 | CVE-2016-2391 MLIST CONFIRM UBUNTU MLIST CONFIRM |
| qemu — qemu | Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function. | 2016-06-16 | 3.6 | CVE-2016-2538 MLIST CONFIRM UBUNTU MLIST MLIST CONFIRM |
| qemu — qemu | The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control. | 2016-06-16 | 2.1 | CVE-2016-2841 MLIST CONFIRM UBUNTU MLIST MLIST CONFIRM |
| qemu — qemu | The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode. | 2016-06-14 | 2.1 | CVE-2016-5238 MLIST MLIST CONFIRM MLIST MLIST |
| qemu — qemu | The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information. | 2016-06-14 | 2.1 | CVE-2016-5337 MLIST MLIST MLIST CONFIRM |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| borland — printfdx | The printfDx function in Takumi Yamada DX Library for Borland C++ 3.13f through 3.16b, DX Library for Gnu C++ 3.13f through 3.16b, and DX Library for Visual C++ 3.13f through 3.16b allows remote attackers to execute arbitrary code via a crafted string. | 2016-06-18 | not yet calculated | CVE-2016-4819 JVNDB JVN CONFIRM |
| buffalo — wzr-600dhp3_firmware | BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. | 2016-06-18 | not yet calculated | CVE-2016-4816 JVNDB JVN CONFIRM |
| buffalo — wzr-600dhp3_firmware | Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 2016-06-18 | not yet calculated | CVE-2016-4815 JVNDB JVN CONFIRM |
| cisco — firepower_management_center | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516. | 2016-06-17 | not yet calculated | CVE-2016-1431 CISCO |
| cisco — ios_15.2(1)t1.11_and_ 15.2(2)t1.11 | Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. | 2016-06-18 | not yet calculated | CVE-2016-1424 CISCO |
| cisco — prime_network_registrar | The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694. | 2016-06-17 | not yet calculated | CVE-2016-1427 CISCO |
| cisco — rv110w_devices | Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523. | 2016-06-18 | not yet calculated | CVE-2016-1397 CISCO |
| cisco — rv110w_devices | Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583. | 2016-06-18 | not yet calculated | CVE-2016-1396 CISCO |
| cisco — rv110w_devices | The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428. | 2016-06-18 | not yet calculated | CVE-2016-1395 CISCO |
| cisco — cbr-8_converged_broadband _router | Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862. | 2016-06-17 | not yet calculated | CVE-2016-1432 CISCO |
| h20_ — lib/http2/connection.c | lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet. | 2016-06-18 | not yet calculated | CVE-2016-4817 CONFIRM CONFIRM JVNDB JVN |
| hp — service_manager_software | HP Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components. | 2016-06-18 | not yet calculated | CVE-2016-4371 CONFIRM |
| i_o_data_device — etx_r | Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. | 2016-06-18 | not yet calculated | CVE-2016-4820 CONFIRM JVNDB JVN |
| i_o_data_device — etx_r | I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. | 2016-06-18 | not yet calculated | CVE-2016-4821 CONFIRM JVNDB JVN |
| netcommons — clerk | NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account. | 2016-06-18 | not yet calculated | CVE-2016-4813 CONFIRM JVNDB JVN |
| netcommons — kml2jsonp.php | Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors. | 2016-06-18 | not yet calculated | CVE-2016-4814 CONFIRM JVNDB JVN |
| ntt_data_ — erasoluna_server_framework | NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname. | 2016-06-18 | not yet calculated | CVE-2016-1183 CONFIRM JVNDB JVN |
| qemu — is_rndis | The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet. | 2016-06-16 | not yet calculated | CVE-2016-2392 MLIST CONFIRM UBUNTU MLIST MLIST CONFIRM |
| trend_micro — officescan | Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. | 2016-06-18 | not yet calculated | CVE-2016-1223 JVNDB JVN CONFIRM |
| trend_micro — worry_free_business_security | CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. | 2016-06-18 | not yet calculated | CVE-2016-1224 JVNDB JVN CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: June 17, 2016
Google has released Chrome version 51.0.2704.103 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow a remote attacker to obtain sensitive information from an affected system.
US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: June 16, 2016
Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe AIR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. The critical vulnerability in Flash Player is being used in limited, targeted attacks.
Users and administrators are encouraged to review Adobe Security Bulletins APSB16-18 and APSB16-23 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: June 15, 2016
Cisco has released security updates to address vulnerabilities in the web-based management interface of three wireless routers (models RV110W, RV130W, and RV215W). Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: June 15, 2016
VMware has released security updates to address a vulnerability in vCenter Server. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review VMware Security Advisory VMSA-2016-0009 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.