Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Google Releases Security Update for Chrome

Original release date: June 02, 2016

Google has released Chrome version 51.0.2704.79 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.

Lenovo Accelerator Application Vulnerability

Original release date: June 02, 2016

Lenovo has issued a security advisory to address a vulnerability in the Accelerator Application software. Products affected by this vulnerability include the Lenovo notebook and desktop systems preloaded with the Windows 10 operating system. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Lenovo Security Advisory and apply the recommended mitigation strategy.



IC3 Warns of Extortion Email Schemes

Original release date: June 01, 2016

The Internet Crime Complaint Center (IC3) has issued an alert on extortion schemes that relate to recent high-profile data thefts. Fraudsters often use the news release of high-profile data breaches to scare victims into clicking on a link or paying a ransom.

US-CERT encourages users and administrators to review the IC3 Alert for details and refer to US-CERT Tip ST04-014 for information on social engineering and phishing attacks.



Cisco Releases Security Updates

Original release date: June 01, 2016

Cisco has released security updates to address vulnerabilities in its Prime Network Analysis Module software. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates.



SB16-151: Vulnerability Summary for the Week of May 23, 2016

Original release date: May 30, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apple — apple_tv The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1830. 2016-05-20 9.3 CVE-2016-1829
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
cisco — web_security_appliance Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171. 2016-05-24 7.8 CVE-2016-1380
CISCO
cisco — web_security_appliance Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270. 2016-05-24 7.8 CVE-2016-1381
CISCO
cisco — web_security_appliance_(wsa) Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529. 2016-05-24 7.8 CVE-2016-1382
CISCO
cisco — web_security_appliance_(wsa) Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305. 2016-05-24 7.8 CVE-2016-1383
CISCO
freebsd — freebsd Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a “two way heap and stack overflow.” 2016-05-25 7.2 CVE-2016-1886
CONFIRM
FREEBSD
SECTRACK
MISC
freebsd — freebsd Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow. 2016-05-25 7.2 CVE-2016-1887
FREEBSD
SECTRACK
MISC
golang — go Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. 2016-05-23 7.2 CVE-2016-3958
MLIST
CONFIRM
CONFIRM
MLIST
MLIST
huawei — mobile_broadband_hl_service The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll. 2016-05-23 7.2 CVE-2016-2855
MISC
MISC
FULLDISC
MISC
huawei — mate_8_firmware Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03020. 2016-05-26 9.3 CVE-2016-3680
CONFIRM
huawei — mate_8_firmware Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03021. 2016-05-26 9.3 CVE-2016-3681
CONFIRM
huawei — ips_module_firmware Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to “illegitimate parameters.” 2016-05-23 7.5 CVE-2016-4576
CONFIRM
lenovo — shareit Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an “intent scheme URL attack.” 2016-05-23 9.3 CVE-2016-4782
CONFIRM
libexpat — expat Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. 2016-05-26 7.5 CVE-2016-0718
CONFIRM
UBUNTU
MLIST
DEBIAN
linux — linux_kernel The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor. 2016-05-23 7.2 CVE-2016-4557
CONFIRM
CONFIRM
CONFIRM
MISC
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. 2016-05-23 7.2 CVE-2016-4565
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call. 2016-05-23 7.2 CVE-2016-4568
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls. 2016-05-23 7.2 CVE-2016-4794
MLIST
CONFIRM
MLIST
linux — linux_kernel Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. 2016-05-23 7.2 CVE-2016-4805
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. 2016-05-23 7.2 CVE-2016-4913
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. 2016-05-23 7.2 CVE-2016-4951
CONFIRM
MLIST
MLIST
CONFIRM
pgpdump — pgpdump The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string. 2016-05-26 7.8 CVE-2016-4021
MISC
CONFIRM
BUGTRAQ
FEDORA
FEDORA
FEDORA
php — php The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. 2016-05-20 7.5 CVE-2015-8865
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
CONFIRM
CONFIRM
php — php Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data. 2016-05-21 7.5 CVE-2015-8876
CONFIRM
CONFIRM
php — php main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses. 2016-05-21 7.1 CVE-2015-8878
CONFIRM
CONFIRM
php — php Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error. 2016-05-21 10.0 CVE-2015-8880
CONFIRM
php — php Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. 2016-05-20 7.5 CVE-2016-4071
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
php — php The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c. 2016-05-20 7.5 CVE-2016-4072
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
php — php Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call. 2016-05-20 7.5 CVE-2016-4073
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
php — php ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive. 2016-05-21 8.3 CVE-2016-4342
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow. 2016-05-21 7.5 CVE-2016-4344
CONFIRM
MLIST
CONFIRM
php — php Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow. 2016-05-21 7.5 CVE-2016-4345
CONFIRM
MLIST
CONFIRM
php — php Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow. 2016-05-21 7.5 CVE-2016-4346
CONFIRM
MLIST
CONFIRM
php — php The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. 2016-05-21 7.5 CVE-2016-4537
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. 2016-05-21 7.5 CVE-2016-4538
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero. 2016-05-21 7.5 CVE-2016-4539
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. 2016-05-21 7.5 CVE-2016-4540
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. 2016-05-21 7.5 CVE-2016-4541
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. 2016-05-21 7.5 CVE-2016-4542
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. 2016-05-21 7.5 CVE-2016-4543
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. 2016-05-21 7.5 CVE-2016-4544
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
pulsesecure — pulse_connect_secure Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. 2016-05-26 7.8 CVE-2016-4786
CONFIRM
SECTRACK


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apple — apple_tv libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. 2016-05-20 4.6 CVE-2016-1832
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. 2016-05-20 6.8 CVE-2016-1847
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — mac_os_x QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. 2016-05-20 6.8 CVE-2016-1848
CONFIRM
APPLE
apple — mac_os_x SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. 2016-05-20 6.8 CVE-2016-1850
CONFIRM
APPLE
apple — mac_os_x Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support. 2016-05-20 5.0 CVE-2016-1853
CONFIRM
APPLE
apple — safari WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857. 2016-05-20 6.8 CVE-2016-1854
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857. 2016-05-20 6.8 CVE-2016-1855
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857. 2016-05-20 6.8 CVE-2016-1856
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. 2016-05-20 6.8 CVE-2016-1857
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site. 2016-05-20 4.3 CVE-2016-1858
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — safari The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. 2016-05-20 6.8 CVE-2016-1859
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
cisco — adaptive_security_appliance_firmware The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209. 2016-05-26 6.8 CVE-2016-1385
CISCO
cisco — telepresence_video_communication_server Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258. 2016-05-24 5.0 CVE-2016-1400
CISCO
cisco — unified_computing_system Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250. 2016-05-20 4.3 CVE-2016-1401
CISCO
cisco — identity_services_engine_software The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815. 2016-05-20 5.0 CVE-2016-1402
CISCO
cisco — evolved_programmable_network_manager The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409. 2016-05-24 6.5 CVE-2016-1406
CISCO
cisco — ios_xr Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576. 2016-05-24 5.0 CVE-2016-1407
CISCO
fortinet — fortisandbox_firmware Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) “Fortiview threats by users search filtered by vdom” or (5) “PCAP file download generated by the VM scan feature.” 2016-05-26 4.3 CVE-2015-7360
BUGTRAQ
MISC
MISC
CONFIRM
gnome — librsvg The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document. 2016-05-20 5.0 CVE-2015-7557
CONFIRM
CONFIRM
MLIST
gnome — librsvg librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. 2016-05-20 5.0 CVE-2015-7558
CONFIRM
CONFIRM
MLIST
MLIST
gnome — librsvg The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. 2016-05-20 5.0 CVE-2016-4348
CONFIRM
MLIST
MLIST
MLIST
MLIST
SUSE
golang — go The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. 2016-05-23 5.0 CVE-2016-3959
MLIST
CONFIRM
MLIST
MLIST
SUSE
FEDORA
FEDORA
FEDORA
hhvm — hhvm Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive. 2016-05-21 4.3 CVE-2014-9767
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
huawei — s12700_firmware Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allow remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets. 2016-05-23 5.1 CVE-2016-4087
CONFIRM
huawei — ath Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message. 2016-05-25 4.3 CVE-2016-4575
CONFIRM
huawei — ngfw_module_firmware Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to “illegitimate parameters.” 2016-05-23 6.8 CVE-2016-4577
CONFIRM
ibm — java_sdk Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors. 2016-05-24 6.8 CVE-2016-0264
CONFIRM
AIXAPAR
REDHAT
REDHAT
SUSE
SUSE
SUSE
SUSE
SUSE
lenovo — shareit Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka “Universal XSS (UXSS).” 2016-05-23 4.3 CVE-2016-4783
CONFIRM
libgd — libgd The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function. 2016-05-21 5.0 CVE-2015-8877
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. 2016-05-23 5.0 CVE-2016-4485
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count. 2016-05-23 6.9 CVE-2016-4558
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request. 2016-05-23 5.0 CVE-2016-4580
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. 2016-05-23 4.9 CVE-2016-4581
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
mediaelementjs — mediaelement.js Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via the query string. 2016-05-21 4.3 CVE-2016-4567
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
moodle — moodle user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail addresses by leveraging the teacher role and reading a Participants list. 2016-05-22 4.0 CVE-2016-2151
CONFIRM
MLIST
CONFIRM
moodle — moodle Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field. 2016-05-22 4.3 CVE-2016-2152
CONFIRM
MLIST
CONFIRM
moodle — moodle Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as demonstrated by a search form field. 2016-05-22 4.3 CVE-2016-2153
CONFIRM
MLIST
CONFIRM
moodle — moodle admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule. 2016-05-22 4.0 CVE-2016-2154
CONFIRM
MLIST
CONFIRM
moodle — moodle The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify “Exclude grade” settings by leveraging the Non-Editing Instructor role. 2016-05-22 4.0 CVE-2016-2155
CONFIRM
MLIST
CONFIRM
moodle — moodle calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request. 2016-05-22 4.0 CVE-2016-2156
CONFIRM
MLIST
CONFIRM
moodle — moodle Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins. 2016-05-22 6.8 CVE-2016-2157
CONFIRM
MLIST
CONFIRM
moodle — moodle lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request. 2016-05-22 4.0 CVE-2016-2158
CONFIRM
MLIST
CONFIRM
moodle — moodle The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request. 2016-05-22 4.0 CVE-2016-2159
CONFIRM
MLIST
CONFIRM
moodle — moodle Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log. 2016-05-22 5.0 CVE-2016-2190
CONFIRM
MLIST
CONFIRM
perl — perl The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by “a\x80.” 2016-05-25 5.0 CVE-2015-8853
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
FEDORA
php — php ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. 2016-05-21 6.8 CVE-2015-8866
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
php — php The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. 2016-05-21 5.0 CVE-2015-8867
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
php — php The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table. 2016-05-21 5.0 CVE-2015-8879
CONFIRM
CONFIRM
php — php ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says “Not sure if this qualifies as security issue (probably not).” 2016-05-20 5.0 CVE-2016-4070
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
php — php The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive. 2016-05-21 6.8 CVE-2016-4343
CONFIRM
MLIST
MISC
MISC
plupload — plupload Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack. 2016-05-21 4.3 CVE-2016-4566
CONFIRM
CONFIRM
MISC
CONFIRM
CONFIRM
MLIST
pulsesecure — pulse_connect_secure Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors. 2016-05-26 6.4 CVE-2016-4787
CONFIRM
SECTRACK
pulsesecure — pulse_connect_secure Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. 2016-05-26 5.0 CVE-2016-4788
CONFIRM
SECTRACK
pulsesecure — pulse_connect_secure Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-05-26 4.3 CVE-2016-4789
CONFIRM
SECTRACK
pulsesecure — pulse_connect_secure The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors. 2016-05-26 6.4 CVE-2016-4791
CONFIRM
SECTRACK
pulsesecure — pulse_connect_secure Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors. 2016-05-26 5.0 CVE-2016-4792
CONFIRM
SECTRACK
qemu — qemu The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. 2016-05-23 4.9 CVE-2015-8558
MLIST
CONFIRM
BID
MLIST
MLIST
CONFIRM
qemu — qemu Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. 2016-05-23 4.3 CVE-2016-4001
MLIST
MLIST
MLIST
FEDORA
FEDORA
FEDORA
CONFIRM
qemu — qemu The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. 2016-05-23 4.9 CVE-2016-4037
MLIST
MLIST
MLIST
MLIST
FEDORA
FEDORA
FEDORA
CONFIRM
qemu — qemu The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. 2016-05-20 4.6 CVE-2016-4439
MLIST
CONFIRM
MLIST
quagga — quagga The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. 2016-05-23 5.0 CVE-2016-4049
MLIST
MLIST
SECTRACK
MLIST
SUSE
rubygems — safemode The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method. 2016-05-20 6.8 CVE-2016-3693
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
theforeman — foreman Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission. 2016-05-20 6.5 CVE-2016-2100
MLIST
CONFIRM
CONFIRM
theforeman — foreman Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/. 2016-05-20 6.8 CVE-2016-3728
CONFIRM
MLIST
CONFIRM
CONFIRM
trend_micro — mobile_security Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate. 2016-05-23 5.8 CVE-2016-3664
CONFIRM
MISC
MISC
wordpress — wordpress Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags. 2016-05-21 4.3 CVE-2015-5714
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wordpress — wordpress The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors. 2016-05-21 4.0 CVE-2015-5715
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wordpress — wordpress Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3440. 2016-05-21 4.3 CVE-2015-8834
CONFIRM
CONFIRM
wordpress — wordpress Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php. 2016-05-21 4.3 CVE-2016-1564
CONFIRM
CONFIRM
CONFIRM
MLIST
MISC
wordpress — wordpress Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL. 2016-05-21 5.8 CVE-2016-2221
CONFIRM
CONFIRM
CONFIRM
wordpress — wordpress The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address. 2016-05-21 5.0 CVE-2016-2222
CONFIRM
CONFIRM
CONFIRM


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apple — safari The “Clear History and Website Data” feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory. 2016-05-20 2.1 CVE-2016-1849
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors. 2016-05-20 2.1 CVE-2016-1851
CONFIRM
APPLE
apple — iphone_os Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors. 2016-05-20 2.1 CVE-2016-1852
CONFIRM
APPLE
cmsmadesimple — cms_made_simple CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request. 2016-05-26 2.6 CVE-2016-2784
EXPLOIT-DB
BUGTRAQ
CONFIRM
CONFIRM
FULLDISC
MISC
linux — linux_kernel The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. 2016-05-23 2.1 CVE-2016-4482
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. 2016-05-23 2.1 CVE-2016-4486
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. 2016-05-23 2.1 CVE-2016-4569
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. 2016-05-23 2.1 CVE-2016-4578
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
pulsesecure — pulse_connect_secure Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-05-26 3.5 CVE-2016-4790
CONFIRM
SECTRACK
qemu — qemu The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). 2016-05-25 2.1 CVE-2016-4020
MLIST
MLIST
CONFIRM
CONFIRM
qemu — qemu The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. 2016-05-20 2.1 CVE-2016-4441
MLIST
CONFIRM
MLIST
redhat — libvirt The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. 2016-05-25 2.1 CVE-2014-3672
CONFIRM
CONFIRM
CONFIRM
SECTRACK
MLIST
wordpress — wordpress Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714. 2016-05-21 3.5 CVE-2015-7989
CONFIRM
CONFIRM
CONFIRM
CONFIRM


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — asa The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209. 2016-05-26 not yet assigned CVE-2016-1385
CISCO
cms_made_simple — smarty_cache CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request. 2016-05-26 not yet assigned CVE-2016-2784
EXPLOIT-DB
BUGTRAQ
CONFIRM
CONFIRM
FULLDISC
MISC
fortinet — fortisandbox Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) “Fortiview threats by users search filtered by vdom” or (5) “PCAP file download generated by the VM scan feature.” 2016-05-26 not yet assigned CVE-2015-7360
BUGTRAQ
MISC
MISC
CONFIRM
huawei — mate_8_nxt-al Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03020. 2016-05-26 not yet assigned CVE-2016-3680
CONFIRM
huawei — mate_8_nxt-al Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03021. 2016-05-26 not yet assigned CVE-2016-3681
CONFIRM
linux — expat_xml_parser Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. 2016-05-26 not yet assigned CVE-2016-0718
CONFIRM
UBUNTU
MLIST
DEBIAN
linux — pgpdump The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string. 2016-05-26 not yet assigned CVE-2016-4021
MISC
CONFIRM
BUGTRAQ
FEDORA
FEDORA
FEDORA
pulse_secure — pulse_connect_secure Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-05-26 not yet assigned CVE-2016-4790
CONFIRM
SECTRACK
pulse_secure — pulse_connect_secure Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-05-26 not yet assigned CVE-2016-4789
CONFIRM
SECTRACK
pulse_secure — pulse_connect_secure Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. 2016-05-26 not yet assigned CVE-2016-4788
CONFIRM
SECTRACK
pulse_secure — pulse_connect_secure Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors. 2016-05-26 not yet assigned CVE-2016-4787
CONFIRM
SECTRACK
pulse_secure — pulse_connect_secure Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors. 2016-05-26 not yet assigned CVE-2016-4792
CONFIRM
SECTRACK
pulse_secure — pulse_connect_secure The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors. 2016-05-26 not yet assigned CVE-2016-4791
CONFIRM
SECTRACK


Google Releases Security Update for Chrome

Original release date: May 26, 2016

Google has released Chrome version 51.0.2704.63 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.



Adobe Releases Security Update for Adobe Connect

Original release date: May 23, 2016

Adobe has released a security update to address a vulnerability in Adobe Connect for Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Adobe Security Bulletin APSB16-17 and apply the necessary update.



TA16-144A: WPAD Name Collision Vulnerability

Original release date: May 23, 2016

Systems Affected

Windows, OS X, Linux systems, and web browsers with WPAD enabled

Overview

Web Proxy Auto-Discovery (WPAD) Domain Name System (DNS) queries that are intended for resolution on private or enterprise DNS servers have been observed reaching public DNS servers [1]. In combination with the New generic Top Level Domain (gTLD) program’s incorporation of previously undelegated gTLDs for public registration, leaked WPAD queries could result in domain name collisions with internal network naming schemes [2] [3]. Collisions could be abused by opportunistic domain registrants to configure an external proxy for network traffic, allowing the potential for man-in-the-middle (MitM) attacks across the Internet.

Description

WPAD is a protocol used to ensure all systems in an organization utilize the same web proxy configuration. Instead of individually modifying configurations on each device connected to a network, WPAD locates a proxy configuration file and applies the configuration automatically.

WPAD is enabled by default on all Microsoft Windows operating systems and Internet Explorer browsers. WPAD is supported but not enabled by default on Mac and Linux-based operating systems, as well as in the Safari, Chrome, and Firefox browsers.

With the New gTLD program, previously undelegated gTLD strings are now being delegated for public domain name registration [3]. These strings may be used by private or enterprise networks, and in certain circumstances, such as when a work computer is connected from a home or external network, WPAD DNS queries may be made in error to public DNS servers. Attackers may exploit such leaked WPAD queries by registering the leaked domain and setting up MitM proxy configuration files on the Internet.
 

Impact

Leaked WPAD queries could result in domain name collisions with internal network naming schemes. If an attacker registers a domain to answer leaked WPAD queries and configures a valid proxy, there is potential to conduct man-in-the-middle (MitM) attacks across the Internet.

The WPAD vulnerability is significant to corporate assets such as laptops. In some cases these assets are vulnerable even while at work, but observations indicate that most assets become vulnerable when used outside an internal network (e.g., home networks, public Wi-Fi networks).

Solution

US-CERT encourages users and network administrators to implement the following recommendations to provide a more secure and efficient network infrastructure:

  • Consider disabling automatic proxy discovery/configuration in browsers and operating systems during device setup if it will not be used for internal networks.
  • Consider using a fully qualified domain name (FQDN) from global DNS as the root for enterprise and other internal namespace.
  • Configure internal DNS servers to respond authoritatively to internal TLD queries.
  • Configure firewalls and proxies to log and block outbound requests for wpad.dat files.
  • Identify expected WPAD network traffic and monitor the public namespace or consider registering domains defensively to avoid future name collisions.
  • File a report with ICANN if your system is suffering demonstrably severe harm as a consequence of name collision by visiting https://forms.icann.org/en/help/name-collision/report-problems.
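
The logging and monitoring recommendations above can be turned into a simple log review. The following Python sketch is an added example, not part of the US-CERT alert: it flags WPAD lookups for internal-only names that were sent to a resolver outside the enterprise, and outbound fetches of wpad.dat. The log layouts, host names, address ranges and the `corp.example` / `office` namespaces are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Site-specific assumptions, constructed for this example.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
INTERNAL_SUFFIXES = ("corp.example", "office")  # names meant to resolve only internally

# Constructed endpoint DNS log: timestamp host resolver qtype qname
SAMPLE_DNS_LOG = """\
2016-05-23T09:00:01Z desk-04 10.0.0.53 A wpad.corp.example.
2016-05-23T19:12:44Z laptop-17 198.51.100.53 A wpad.corp.example.
2016-05-23T19:12:45Z laptop-17 198.51.100.53 A wpad.office.
2016-05-23T19:13:02Z laptop-17 198.51.100.53 A www.example.org.
2016-05-23T19:13:09Z laptop-22 203.0.113.8 AAAA WPAD.Office
2016-05-23T19:13:10Z laptop-22 203.0.113.8 A wpadx.office.
2016-05-23T19:13:11Z laptop-22 203.0.113.8 A wpad.backoffice.
malformed line
"""

# Constructed proxy/firewall log: timestamp host dest_ip url
SAMPLE_PROXY_LOG = """\
2016-05-23T09:00:02Z desk-04 10.0.0.80 http://wpad.corp.example/wpad.dat
2016-05-23T19:12:46Z laptop-17 203.0.113.50 http://wpad.office/wpad.dat
2016-05-23T19:12:47Z laptop-22 203.0.113.50 http://WPAD.office/WPAD.DAT
2016-05-23T19:14:00Z laptop-17 198.51.100.10 http://www.example.org/index.html
"""


def normalize(qname):
    """Lower-case a DNS name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def is_wpad_name(qname):
    """WPAD discovery over DNS asks for a host whose left-most label is 'wpad'."""
    return normalize(qname).split(".")[0] == "wpad"


def internal_suffix(qname):
    """Return the internal namespace a name falls under, matching on label boundaries."""
    name = normalize(qname)
    for suffix in INTERNAL_SUFFIXES:
        if name == suffix or name.endswith("." + suffix):
            return suffix
    return None


def is_internal_ip(text):
    """Unparsable addresses count as external so that they get reviewed."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def leaked_wpad_queries(log_text):
    """WPAD lookups for internal names that went to a non-internal resolver."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        ts, host, resolver, _qtype, qname = fields
        suffix = internal_suffix(qname)
        if is_wpad_name(qname) and suffix and not is_internal_ip(resolver):
            findings.append({"time": ts, "host": host, "resolver": resolver,
                             "qname": normalize(qname), "suffix": suffix})
    return findings


def hosts_by_suffix(findings):
    """Group leaking hosts by namespace: the names to monitor or register defensively."""
    grouped = defaultdict(set)
    for f in findings:
        grouped[f["suffix"]].add(f["host"])
    return {suffix: sorted(hosts) for suffix, hosts in grouped.items()}


def outbound_wpad_fetches(log_text):
    """Requests for wpad.dat whose destination is outside the internal networks."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        _ts, host, dest_ip, url = fields
        if urlsplit(url).path.lower().endswith("/wpad.dat") and not is_internal_ip(dest_ip):
            hits.append((host, url))
    return hits


if __name__ == "__main__":
    leaks = leaked_wpad_queries(SAMPLE_DNS_LOG)
    for f in leaks:
        print("leaked WPAD query:", f["time"], f["host"], f["qname"], "via", f["resolver"])
    print("hosts by namespace:", hosts_by_suffix(leaks))
    print("outbound wpad.dat fetches:", outbound_wpad_fetches(SAMPLE_PROXY_LOG))
```

Hosts that appear in both result sets queried a public resolver for an internal WPAD name and then fetched a proxy configuration from an external address, so they are the first ones to check for an unexpected proxy setting.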

References

Revision History

  • May 23, 2016: Initial Release


SB16-144: Vulnerability Summary for the Week of May 16, 2016

Original release date: May 23, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — xerces_c++ Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier does not properly handle exceptions raised in the XMLReader class, which allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. 2016-05-13 10.0 CVE-2016-2099
CONFIRM
MLIST
apple — itunes Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory. 2016-05-20 7.2 CVE-2016-1742
CONFIRM
APPLE
apple — mac_os_x The AMD subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-05-20 9.3 CVE-2016-1792
CONFIRM
APPLE
apple — mac_os_x AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app, a different vulnerability than CVE-2016-1794. 2016-05-20 9.3 CVE-2016-1793
CONFIRM
APPLE
apple — mac_os_x AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app, a different vulnerability than CVE-2016-1793. 2016-05-20 9.3 CVE-2016-1794
CONFIRM
APPLE
apple — mac_os_x AppleGraphicsPowerManagement in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-05-20 9.3 CVE-2016-1795
CONFIRM
APPLE
apple — mac_os_x Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app. 2016-05-20 9.3 CVE-2016-1797
CONFIRM
APPLE
apple — mac_os_x Audio in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-05-20 9.3 CVE-2016-1799
CONFIRM
APPLE
apple — mac_os_x Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. 2016-05-20 9.3 CVE-2016-1800
CONFIRM
APPLE
apple — apple_tv CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. 2016-05-20 9.3 CVE-2016-1803
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — mac_os_x The Multi-Touch subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-05-20 9.3 CVE-2016-1804
CONFIRM
APPLE
apple — mac_os_x CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. 2016-05-20 9.3 CVE-2016-1805
CONFIRM
APPLE
apple — mac_os_x Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. 2016-05-20 9.3 CVE-2016-1806
CONFIRM
APPLE
apple — apple_tv The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-05-20 9.3 CVE-2016-1808
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — mac_os_x Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors. 2016-05-20 7.8 CVE-2016-1809
CONFIRM
APPLE
apple — mac_os_x The Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-05-20 9.3 CVE-2016-1810
CONFIRM
APPLE
apple — mac_os_x Buffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. 2016-05-20 9.3 CVE-2016-1812
CONFIRM
APPLE
apple — apple_tv IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. 2016-05-20 9.3 CVE-2016-1813
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — mac_os_x IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-05-20 9.3 CVE-2016-1815
CONFIRM
APPLE
apple — mac_os_x IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. 2016-05-20 9.3 CVE-2016-1816
CONFIRM
APPLE
apple — apple_tv IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819. 2016-05-20 9.3 CVE-2016-1817
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1819. 2016-05-20 9.3 CVE-2016-1818
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818. 2016-05-20 9.3 CVE-2016-1819
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — mac_os_x Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. 2016-05-20 9.3 CVE-2016-1820
CONFIRM
APPLE
apple — mac_os_x IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. 2016-05-20 9.3 CVE-2016-1821
CONFIRM
APPLE
apple — mac_os_x IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-05-20 9.3 CVE-2016-1822
CONFIRM
APPLE
apple — apple_tv IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1824. 2016-05-20 9.3 CVE-2016-1823
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823. 2016-05-20 9.3 CVE-2016-1824
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — mac_os_x IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-05-20 9.3 CVE-2016-1825
CONFIRM
APPLE
apple — mac_os_x Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. 2016-05-20 9.3 CVE-2016-1826
CONFIRM
APPLE
apple — apple_tv The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, and CVE-2016-1830. 2016-05-20 9.3 CVE-2016-1827
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830. 2016-05-20 9.3 CVE-2016-1828
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1830. 2016-05-20 8.5 CVE-2016-1829
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1829. 2016-05-20 8.5 CVE-2016-1830
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-05-20 9.3 CVE-2016-1831
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-05-20 9.3 CVE-2016-1846
CONFIRM
APPLE
botan_project — botan Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow. 2016-05-13 10.0 CVE-2016-2195
DEBIAN
MLIST
CONFIRM
botan_project — botan Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrite and crash) or execute arbitrary code via unspecified vectors. 2016-05-13 10.0 CVE-2016-2196
MLIST
CONFIRM
canonical — ubuntu-core-launcher The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with “ubuntu-core.” 2016-05-13 10.0 CVE-2016-1580
CONFIRM
UBUNTU
enlightenment — imlib2 Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation. 2016-05-13 7.5 CVE-2016-4024
MLIST
CONFIRM
DEBIAN
google — chrome Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp. 2016-05-14 8.3 CVE-2016-1661
CONFIRM
CONFIRM
CONFIRM
google — chrome extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. 2016-05-14 10.0 CVE-2016-1662
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2016-05-14 7.5 CVE-2016-1666
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. 2016-05-14 9.3 CVE-2016-1669
CONFIRM
CONFIRM
CONFIRM
lantronix — xprintserver_firmware Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. 2016-05-14 10.0 CVE-2016-4325
CERT-VN
meteocontrol — web’log_basic_100 Meteocontrol WEB’log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for “post-admin” login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. 2016-05-14 7.5 CVE-2016-2296
MISC
meteocontrol — web’log_basic_100 Meteocontrol WEB’log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an “access command shell-like feature.” 2016-05-14 9.7 CVE-2016-2297
MISC
meteocontrol — web’log_basic_100 Meteocontrol WEB’log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors. 2016-05-14 10.0 CVE-2016-2298
MISC
ninjaforms — ninja_forms The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. 2016-05-14 7.5 CVE-2016-1209
CONFIRM
CONFIRM
MISC
JVNDB
JVN
oxide_project — oxide Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests. 2016-05-13 7.5 CVE-2016-1578
UBUNTU
php — php Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation. 2016-05-16 7.5 CVE-2015-4116
MISC
CONFIRM
CONFIRM
CONFIRM
php — php PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename.html attack that bypasses an intended configuration in which client users may write to only .html files. 2016-05-16 7.5 CVE-2015-4598
CONFIRM
MLIST
CONFIRM
php — php The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a “type confusion” issue. 2016-05-16 10.0 CVE-2015-4599
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to “type confusion” issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods. 2016-05-16 10.0 CVE-2015-4600
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to “type confusion” issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600. 2016-05-16 10.0 CVE-2015-4601
MLIST
CONFIRM
CONFIRM
php — php The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a “type confusion” issue. 2016-05-16 10.0 CVE-2015-4602
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a “type confusion” issue. 2016-05-16 10.0 CVE-2015-4603
CONFIRM
MLIST
CONFIRM
php — php The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function. 2016-05-16 10.0 CVE-2015-4642
CONFIRM
CONFIRM
MLIST
CONFIRM
php — php Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. 2016-05-16 7.5 CVE-2015-4643
CONFIRM
CONFIRM
MLIST
CONFIRM
php — php The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call. 2016-05-16 10.0 CVE-2015-5589
CONFIRM
CONFIRM
MLIST
CONFIRM
php — php Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization. 2016-05-16 7.5 CVE-2015-6834
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php — php The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content. 2016-05-16 7.5 CVE-2015-6835
CONFIRM
CONFIRM
php — php The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c. 2016-05-16 7.5 CVE-2015-8835
CONFIRM
CONFIRM
php — php Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive. 2016-05-16 10.0 CVE-2016-2554
CONFIRM
CONFIRM
CONFIRM
php — php Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. 2016-05-20 7.5 CVE-2016-4071
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
php — php The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of characters by the phar_analyze_path function in ext/phar/phar.c. 2016-05-20 7.5 CVE-2016-4072
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
sap — netweaver The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a “Detour” attack. 2016-05-13 10.0 CVE-2010-5326
CERT
MISC
BID
MISC
MISC
symantec — endpoint_encryption Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. 2016-05-13 7.2 CVE-2015-8156
CONFIRM
BID
symantec — anti-virus_engine The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file. 2016-05-19 9.4 CVE-2016-2208
CONFIRM
vmware — player VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors. 2016-05-18 10.0 CVE-2016-2077
CONFIRM
xen — xen The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory. 2016-05-18 7.2 CVE-2016-4480
CONFIRM


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — ambari The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration. 2016-05-18 4.0 CVE-2016-0731
CONFIRM
CONFIRM
CONFIRM
apple — iphone_os Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. 2016-05-20 4.3 CVE-2016-1790
CONFIRM
APPLE
apple — mac_os_x The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. 2016-05-20 4.3 CVE-2016-1791
CONFIRM
APPLE
apple — mac_os_x Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app. 2016-05-20 4.3 CVE-2016-1796
CONFIRM
APPLE
apple — mac_os_x Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. 2016-05-20 4.3 CVE-2016-1798
CONFIRM
APPLE
apple — apple_tv The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors. 2016-05-20 5.0 CVE-2016-1801
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — apple_tv CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app. 2016-05-20 4.3 CVE-2016-1802
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. 2016-05-20 5.0 CVE-2016-1811
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. 2016-05-20 4.3 CVE-2016-1814
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — apple_tv libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. 2016-05-20 4.6 CVE-2016-1832
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840. 2016-05-20 6.8 CVE-2016-1833
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840. 2016-05-20 6.8 CVE-2016-1834
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — iphone_os libxml2, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. 2016-05-20 6.8 CVE-2016-1835
CONFIRM
CONFIRM
APPLE
APPLE
apple — apple_tv libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840. 2016-05-20 6.8 CVE-2016-1836
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840. 2016-05-20 6.8 CVE-2016-1837
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1839, and CVE-2016-1840. 2016-05-20 6.8 CVE-2016-1838
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1840. 2016-05-20 6.8 CVE-2016-1839
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1839. 2016-05-20 6.8 CVE-2016-1840
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — apple_tv libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. 2016-05-20 6.8 CVE-2016-1841
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — iphone_os MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. 2016-05-20 5.0 CVE-2016-1842
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — mac_os_x The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors. 2016-05-20 5.0 CVE-2016-1843
CONFIRM
APPLE
apple — mac_os_x The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors. 2016-05-20 5.0 CVE-2016-1844
CONFIRM
APPLE
apple — apple_tv OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. 2016-05-20 6.8 CVE-2016-1847
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — mac_os_x QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. 2016-05-20 6.8 CVE-2016-1848
CONFIRM
APPLE
apple — mac_os_x SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. 2016-05-20 6.8 CVE-2016-1850
CONFIRM
APPLE
apple — mac_os_x Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support. 2016-05-20 5.0 CVE-2016-1853
CONFIRM
APPLE
apple — safari WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857. 2016-05-20 6.8 CVE-2016-1854
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857. 2016-05-20 6.8 CVE-2016-1855
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857. 2016-05-20 6.8 CVE-2016-1856
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. 2016-05-20 6.8 CVE-2016-1857
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — safari WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site. 2016-05-20 4.3 CVE-2016-1858
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple — safari The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. 2016-05-20 6.8 CVE-2016-1859
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
botan_project — botan The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group. 2016-05-13 5.0 CVE-2014-9742
MLIST
CONFIRM
botan_project — botan The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data. 2016-05-13 5.0 CVE-2015-5726
DEBIAN
CONFIRM
botan_project — botan Botan before 1.10.13 and 1.11.x before 1.11.22 makes it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. 2016-05-13 5.0 CVE-2015-7827
DEBIAN
MLIST
CONFIRM
botan_project — botan The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus. 2016-05-13 5.0 CVE-2016-2194
DEBIAN
MLIST
MLIST
CONFIRM
botan_project — botan Botan before 1.10.13 and 1.11.x before 1.11.29 does not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack. 2016-05-13 5.0 CVE-2016-2849
DEBIAN
MLIST
CONFIRM
botan_project — botan Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors. 2016-05-13 5.0 CVE-2016-2850
MLIST
CONFIRM
cisco — ios The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP packets, aka Bug ID CSCuy13431. 2016-05-13 5.0 CVE-2016-1399
CISCO
cloudbees — jenkins CloudBees Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. 2016-05-17 4.0 CVE-2016-3721
CONFIRM
CONFIRM
CONFIRM
cloudbees — jenkins CloudBees Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the “full name.” 2016-05-17 4.0 CVE-2016-3722
CONFIRM
CONFIRM
cloudbees — jenkins CloudBees Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints. 2016-05-17 4.0 CVE-2016-3723
CONFIRM
CONFIRM
cloudbees — jenkins CloudBees Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. 2016-05-17 4.0 CVE-2016-3724
CONFIRM
CONFIRM
cloudbees — jenkins CloudBees Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption). 2016-05-17 5.0 CVE-2016-3725
CONFIRM
CONFIRM
cloudbees — jenkins Multiple open redirect vulnerabilities in CloudBees Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to “scheme-relative” URLs. 2016-05-17 5.8 CVE-2016-3726
CONFIRM
CONFIRM
cloudbees — jenkins The API URL computer/(master)/api/xml in CloudBees Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors. 2016-05-17 4.0 CVE-2016-3727
CONFIRM
CONFIRM
enlightenment — imlib2 imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2×1 ellipse. 2016-05-13 5.0 CVE-2011-5326
MLIST
CONFIRM
CONFIRM
DEBIAN
enlightenment — imlib2 imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap. 2016-05-13 5.0 CVE-2014-9762
CONFIRM
CONFIRM
DEBIAN
enlightenment — imlib2 imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file. 2016-05-13 5.0 CVE-2014-9763
CONFIRM
CONFIRM
DEBIAN
enlightenment — imlib2 imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file. 2016-05-13 5.0 CVE-2014-9764
CONFIRM
CONFIRM
DEBIAN
enlightenment — imlib2 Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation. 2016-05-13 5.0 CVE-2014-9771
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
enlightenment — imlib2 Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates. 2016-05-13 5.0 CVE-2016-3993
MLIST
CONFIRM
CONFIRM
DEBIAN
enlightenment — imlib2 The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read. 2016-05-13 6.4 CVE-2016-3994
MLIST
CONFIRM
CONFIRM
DEBIAN
f5 — big-ip_access_policy_manager F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment. 2016-05-13 4.3 CVE-2015-8099
CONFIRM
SECTRACK
SECTRACK
filemaker — filemaker The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors. 2016-05-14 5.0 CVE-2016-1208
JVNDB
JVN
CONFIRM
gnome — librsvg The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document. 2016-05-20 5.0 CVE-2015-7557
CONFIRM
CONFIRM
MLIST
gnome — librsvg librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. 2016-05-20 5.0 CVE-2015-7558
CONFIRM
CONFIRM
MLIST
MLIST
gnome — librsvg The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. 2016-05-20 5.0 CVE-2016-4348
CONFIRM
MLIST
MLIST
MLIST
MLIST
SUSE
google — chrome Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site. 2016-05-14 6.8 CVE-2016-1660
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — chrome The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. 2016-05-14 6.8 CVE-2016-1663
CONFIRM
CONFIRM
CONFIRM
google — chrome The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site. 2016-05-14 4.3 CVE-2016-1664
CONFIRM
CONFIRM
CONFIRM
google — chrome The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code. 2016-05-14 4.3 CVE-2016-1665
CONFIRM
CONFIRM
CONFIRM
google — chrome The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. 2016-05-14 6.8 CVE-2016-1667
CONFIRM
CONFIRM
CONFIRM
google — chrome The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. 2016-05-14 6.8 CVE-2016-1668
CONFIRM
CONFIRM
CONFIRM
google — chrome Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc. 2016-05-14 6.8 CVE-2016-1671
MLIST
CONFIRM
CONFIRM
CONFIRM
hp — system_management_homepage HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors. 2016-05-14 6.6 CVE-2016-2015
HP
ibm — spss_statistics Stack-based buffer overflow in the Initialize function in an ActiveX control in IBM SPSS Statistics 19 and 20 before 20.0.0.2-IF0008, 21 before 21.0.0.2-IF0010, 22 before 22.0.0.2-IF0011, 23 before 23.0.0.3-IF0001, and 24 before 24.0.0.0-IF0003 allows remote authenticated users to execute arbitrary code via a long argument. 2016-05-14 6.0 CVE-2015-8530
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. 2016-05-17 4.3 CVE-2016-0306
CONFIRM
AIXAPAR
ibm — bluemix The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors. 2016-05-17 4.0 CVE-2016-0323
CONFIRM
ibm — b2b_advanced_communications IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network. 2016-05-14 5.0 CVE-2016-0341
CONFIRM
AIXAPAR
ibm — cognos_tm1 IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service (configuration outage) via a non-empty value. 2016-05-14 4.0 CVE-2016-0381
CONFIRM
jansson_project — jansson Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data. 2016-05-17 5.0 CVE-2016-4425
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
DEBIAN
mariadb — mariadb Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a “BACKRONYM” attack. 2016-05-16 4.3 CVE-2015-3152
MISC
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
MISC
openafs — openafs Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes. 2016-05-13 4.9 CVE-2015-8312
CONFIRM
DEBIAN
CONFIRM
openafs — openafs The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID. 2016-05-13 4.0 CVE-2016-2860
CONFIRM
MLIST
CONFIRM
DEBIAN
CONFIRM
openafs — openafs The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic. 2016-05-13 5.0 CVE-2016-4536
CONFIRM
CONFIRM
MLIST
php — php file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c. 2016-05-16 5.0 CVE-2014-0236
CONFIRM
CONFIRM
CONFIRM
php — php PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. 2016-05-16 6.4 CVE-2015-3411
CONFIRM
CONFIRM
CONFIRM
php — php PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. 2016-05-16 5.0 CVE-2015-3412
CONFIRM
CONFIRM
CONFIRM
php — php The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a “Python script text executable” rule. 2016-05-16 5.0 CVE-2015-4604
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a “Python script text executable” rule. 2016-05-16 5.0 CVE-2015-4605
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352. 2016-05-16 5.0 CVE-2015-4644
CONFIRM
CONFIRM
MLIST
CONFIRM
php — php The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838. 2016-05-16 5.0 CVE-2015-6837
CONFIRM
CONFIRM
php — php The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. 2016-05-16 5.0 CVE-2015-6838
CONFIRM
CONFIRM
php — php ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. 2016-05-16 4.3 CVE-2015-8838
CONFIRM
CONFIRM
CONFIRM
php — php Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls. 2016-05-16 5.0 CVE-2015-8873
CONFIRM
CONFIRM
CONFIRM
php — php Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. 2016-05-16 5.0 CVE-2015-8874
CONFIRM
CONFIRM
php — php The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c. 2016-05-16 6.4 CVE-2016-3185
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
qemu — qemu The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. 2016-05-20 4.6 CVE-2016-4439
MLIST
CONFIRM
MLIST
theforeman — foreman Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission. 2016-05-20 6.5 CVE-2016-2100
MLIST
CONFIRM
CONFIRM
theforeman — foreman Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/. 2016-05-20 6.8 CVE-2016-3728
CONFIRM
MLIST
CONFIRM
CONFIRM
x-stream — xstream Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document. 2016-05-17 5.0 CVE-2016-3674
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
xmlsoft — libxml2 The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. 2016-05-17 5.0 CVE-2016-3627
MLIST
MLIST
FULLDISC
SUSE
xmlsoft — libxml2 The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. 2016-05-17 5.0 CVE-2016-3705
CONFIRM
FULLDISC
SUSE

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — ambari The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories. 2016-05-18 2.1 CVE-2016-0707
CONFIRM
apple — apple_tv Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors. 2016-05-20 2.6 CVE-2016-1807
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple — safari The “Clear History and Website Data” feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory. 2016-05-20 2.1 CVE-2016-1849
CONFIRM
CONFIRM
APPLE
APPLE
apple — mac_os_x The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors. 2016-05-20 2.1 CVE-2016-1851
CONFIRM
APPLE
apple — iphone_os Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors. 2016-05-20 2.1 CVE-2016-1852
CONFIRM
APPLE
google — chrome Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID. 2016-05-14 2.6 CVE-2016-1670
CONFIRM
CONFIRM
CONFIRM
haxx — curl The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate. 2016-05-20 2.6 CVE-2016-3739
CONFIRM
CONFIRM
CONFIRM
SECTRACK
hp — base-vxfs-50 Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory. 2016-05-14 2.1 CVE-2016-2016
HP
ibm — algo_one Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-05-14 3.5 CVE-2016-0390
CONFIRM
iodata — wn-gdn/r3_firmware The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack. 2016-05-14 3.3 CVE-2016-1206
CONFIRM
JVNDB
JVN
iodata — wn-g300r2_firmware Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2016-05-14 3.5 CVE-2016-1207
CONFIRM
JVNDB
JVN
qemu — qemu The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. 2016-05-20 2.1 CVE-2016-4441
MLIST
CONFIRM
MLIST

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — ise The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815. 2016-05-20 not yet calculated CVE-2016-1402
CISCO
cisco — unified_computing_system_central_software Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250. 2016-05-20 not yet calculated CVE-2016-1401
CISCO
php — fileinfo The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. 2016-05-20 not yet calculated CVE-2015-8865
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
CONFIRM
CONFIRM
php — gd_graphics_library The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function. 2016-05-21 not yet calculated CVE-2015-8877
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php — php Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive. 2016-05-21 not yet calculated CVE-2014-9767
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
php — php Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error. 2016-05-21 not yet calculated CVE-2015-8880
CONFIRM
php — php ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. 2016-05-21 not yet calculated CVE-2015-8866
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
php — php ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive. 2016-05-21 not yet calculated CVE-2016-4342
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow. 2016-05-21 not yet calculated CVE-2016-4345
CONFIRM
MLIST
CONFIRM
php — php Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow. 2016-05-21 not yet calculated CVE-2016-4346
CONFIRM
MLIST
CONFIRM
php — php main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses. 2016-05-21 not yet calculated CVE-2015-8878
CONFIRM
CONFIRM
php — php Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call. 2016-05-20 not yet calculated CVE-2016-4073
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
php — php The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. 2016-05-21 not yet calculated CVE-2016-4537
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. 2016-05-21 not yet calculated CVE-2016-4538
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. 2016-05-21 not yet calculated CVE-2016-4543
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. 2016-05-21 not yet calculated CVE-2016-4542
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. 2016-05-21 not yet calculated CVE-2016-4544
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. 2016-05-21 not yet calculated CVE-2016-4540
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. 2016-05-21 not yet calculated CVE-2016-4541
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table. 2016-05-21 not yet calculated CVE-2015-8879
CONFIRM
CONFIRM
php — php The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. 2016-05-21 not yet calculated CVE-2015-8867
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
php — php The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive. 2016-05-21 not yet calculated CVE-2016-4343
CONFIRM
MLIST
MISC
MISC
php — php The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero. 2016-05-21 not yet calculated CVE-2016-4539
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data. 2016-05-21 not yet calculated CVE-2015-8876
CONFIRM
CONFIRM
php — php Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow. 2016-05-21 not yet calculated CVE-2016-4344
CONFIRM
MLIST
CONFIRM
ruby — safemode_gem The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method. 2016-05-20 not yet calculated CVE-2016-3693
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
wordpress — media_element Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via the query string. 2016-05-21 not yet calculated CVE-2016-4567
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
wordpress — pupload Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack. 2016-05-21 not yet calculated CVE-2016-4566
wordpress — wordpress Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714. 2016-05-21 not yet calculated CVE-2015-7989
wordpress — wordpress Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags. 2016-05-21 not yet calculated CVE-2015-5714
wordpress — wordpress Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3440. 2016-05-21 not yet calculated CVE-2015-8834
wordpress — wordpress Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php. 2016-05-21 not yet calculated CVE-2016-1564
wordpress — wordpress Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL. 2016-05-21 not yet calculated CVE-2016-2221
wordpress — wordpress The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address. 2016-05-21 not yet calculated CVE-2016-2222
wordpress — xmlrpc The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors. 2016-05-21 not yet calculated CVE-2015-5715

VMware Releases Security Updates

Original release date: May 18, 2016

VMware has released security updates to address vulnerabilities in multiple products. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2016-0005 and apply the necessary updates.

