US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

SB16-130: Vulnerability Summary for the Week of May 2, 2016

Original release date: May 09, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
canonical — ubuntu_core The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. 2016-05-02 7.2 CVE-2016-1575
CONFIRM
MLIST
MISC
CONFIRM
MISC
canonical — ubuntu_core The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. 2016-05-02 7.2 CVE-2016-1576
MISC
MISC
CONFIRM
MLIST
MISC
CONFIRM
MISC
cisco — telepresence_tc_software The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935. 2016-05-05 9.0 CVE-2016-1387
CISCO
imagemagick — imagemagick The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka “ImageTragick.” 2016-05-05 10.0 CVE-2016-3714
CERT-VN
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
CONFIRM
SECTRACK
MLIST
MLIST
imagemagick — imagemagick The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. 2016-05-05 7.1 CVE-2016-3717
CONFIRM
CONFIRM
CONFIRM
MLIST
linux — linux_kernel The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787. 2016-05-02 7.8 CVE-2003-1604
CONFIRM
MLIST
MLIST
linux — linux_kernel The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages. 2016-05-02 7.2 CVE-2012-6689
CONFIRM
CONFIRM
MLIST
CONFIRM
MLIST
MLIST
CONFIRM
linux — linux_kernel Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. 2016-05-02 7.2 CVE-2012-6701
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. 2016-05-02 7.2 CVE-2015-2686
CONFIRM
CONFIRM
MLIST
CONFIRM
MISC
CONFIRM
linux — linux_kernel The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call. 2016-05-02 7.2 CVE-2015-8019
CONFIRM
MLIST
MISC
linux — linux_kernel Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression. 2016-05-02 7.2 CVE-2015-8830
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. 2016-05-02 7.1 CVE-2016-2053
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic. 2016-05-02 7.8 CVE-2016-2070
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-04-30 10.0 CVE-2016-2804
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox_esr Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-04-30 10.0 CVE-2016-2805
CONFIRM
CONFIRM
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-04-30 10.0 CVE-2016-2806
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-04-30 10.0 CVE-2016-2807
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
openssh — openbsd The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. 2016-04-30 7.2 CVE-2015-8325
CONFIRM
CONFIRM
CONFIRM
CONFIRM
openssl — openssl The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the “negative zero” issue. 2016-05-04 10.0 CVE-2016-2108
CONFIRM
CONFIRM
CONFIRM
openssl — openssl The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. 2016-05-04 7.8 CVE-2016-2109
CONFIRM
CONFIRM

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — subversion The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. 2016-05-05 4.9 CVE-2016-2167
SECTRACK
DEBIAN
CONFIRM
MLIST
MLIST
cisco — information_server The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059. 2016-04-30 6.4 CVE-2016-1343
CISCO
cisco — prime_collaboration_assurance Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121. 2016-05-05 5.8 CVE-2016-1392
CISCO
emc — rsa_data_loss_prevention Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-05-03 4.3 CVE-2016-0892
BUGTRAQ
emc — rsa_data_loss_prevention EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. 2016-05-03 4.0 CVE-2016-0893
BUGTRAQ
emc — rsa_data_loss_prevention EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. 2016-05-03 6.5 CVE-2016-0894
BUGTRAQ
emc — rsa_data_loss_prevention EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. 2016-05-03 4.3 CVE-2016-0895
BUGTRAQ
imagemagick — imagemagick The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. 2016-05-05 5.8 CVE-2016-3715
CONFIRM
CONFIRM
CONFIRM
MLIST
linux — linux_kernel The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory. 2016-05-02 4.9 CVE-2011-5321
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability. 2016-05-02 4.9 CVE-2015-1573
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand. 2016-05-02 4.9 CVE-2015-2672
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call. 2016-05-02 4.9 CVE-2015-4177
CONFIRM
CONFIRM
MLIST
CONFIRM
MLIST
MLIST
CONFIRM
linux — linux_kernel The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h. 2016-05-02 4.9 CVE-2015-4178
CONFIRM
MLIST
CONFIRM
MLIST
CONFIRM
MLIST
CONFIRM
linux — linux_kernel The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function. 2016-05-02 4.9 CVE-2015-8324
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic. 2016-05-02 5.0 CVE-2015-8746
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. 2016-05-02 5.0 CVE-2016-2117
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. 2016-05-02 4.9 CVE-2016-2185
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
BUGTRAQ
CONFIRM
linux — linux_kernel The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. 2016-05-02 4.9 CVE-2016-2186
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
BUGTRAQ
CONFIRM
linux — linux_kernel The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. 2016-05-02 4.9 CVE-2016-2187
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. 2016-05-02 4.9 CVE-2016-2188
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
BUGTRAQ
CONFIRM
linux — linux_kernel The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. 2016-05-02 4.4 CVE-2016-2853
MLIST
MLIST
MISC
linux — linux_kernel The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. 2016-05-02 4.6 CVE-2016-2854
MLIST
MLIST
MISC
linux — linux_kernel The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. 2016-05-02 4.9 CVE-2016-3136
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. 2016-05-02 4.9 CVE-2016-3137
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. 2016-05-02 4.9 CVE-2016-3138
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. 2016-05-02 4.9 CVE-2016-3140
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. 2016-05-02 4.9 CVE-2016-3689
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. 2016-05-02 4.9 CVE-2016-3951
MLIST
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
lockon — ec_cube The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200. 2016-04-30 5.0 CVE-2016-1199
CONFIRM
CONFIRM
JVNDB
JVN
lockon — ec_cube The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199. 2016-04-30 6.5 CVE-2016-1200
CONFIRM
CONFIRM
JVNDB
JVN
lockon — ec_cube Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators. 2016-04-30 6.8 CVE-2016-1201
CONFIRM
CONFIRM
JVNDB
JVN
mozilla — firefox The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site. 2016-04-30 5.1 CVE-2016-2808
CONFIRM
CONFIRM
mozilla — firefox The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution. 2016-04-30 5.8 CVE-2016-2809
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password. 2016-04-30 4.3 CVE-2016-2810
CONFIRM
CONFIRM
mozilla — firefox Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method. 2016-04-30 6.8 CVE-2016-2811
CONFIRM
CONFIRM
mozilla — firefox Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site. 2016-04-30 5.1 CVE-2016-2812
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device’s physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780. 2016-04-30 4.3 CVE-2016-2813
CONFIRM
CONFIRM
MISC
mozilla — firefox Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table. 2016-04-30 6.8 CVE-2016-2814
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. 2016-04-30 4.3 CVE-2016-2816
CONFIRM
CONFIRM
mozilla — firefox The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL. 2016-04-30 4.3 CVE-2016-2817
CONFIRM
CONFIRM
mozilla — firefox The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. 2016-04-30 4.3 CVE-2016-2820
CONFIRM
CONFIRM
openssl — openssl crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms. 2016-05-04 5.0 CVE-2000-1254
CONFIRM
MLIST
MLIST
openssl — openssl Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. 2016-05-04 5.0 CVE-2016-2105
CONFIRM
CONFIRM
openssl — openssl Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. 2016-05-04 5.0 CVE-2016-2106
CONFIRM
CONFIRM
openssl — openssl The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. 2016-05-04 6.4 CVE-2016-2176
CONFIRM
CONFIRM
wireshark — wireshark wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file. 2016-04-30 4.3 CVE-2016-4415
CONFIRM
MISC
CONFIRM
wireshark — wireshark epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. 2016-04-30 4.3 CVE-2016-4416
CONFIRM
CONFIRM
wireshark — wireshark Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value. 2016-04-30 4.3 CVE-2016-4417
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. 2016-04-30 4.3 CVE-2016-4418
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. 2016-04-30 4.3 CVE-2016-4419
CONFIRM
CONFIRM
wireshark — wireshark The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-04-30 4.3 CVE-2016-4420
CONFIRM
wireshark — wireshark epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. 2016-04-30 4.3 CVE-2016-4421
CONFIRM
CONFIRM

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
linux — linux_kernel mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length. 2016-05-02 2.1 CVE-2008-7316
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace. 2016-05-02 3.6 CVE-2014-9717
MLIST
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. 2016-05-02 2.1 CVE-2015-1350
CONFIRM
MISC
MLIST
MLIST
linux — linux_kernel fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory. 2016-05-02 2.1 CVE-2015-4176
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user’s file after unsynchronized hole punching and page-fault handling. 2016-05-02 1.9 CVE-2015-8839
CONFIRM
CONFIRM
MLIST
CONFIRM
openssl — openssl The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. 2016-05-04 2.6 CVE-2016-2107
CONFIRM
CONFIRM

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
accellion — file_transfer_appliance Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html. 2016-05-07 not yet calculated CVE-2016-2350
CERT-VN
MISC
accellion — file_transfer_appliance SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter. 2016-05-07 not yet calculated CVE-2016-2351
CERT-VN
MISC
accellion — file_transfer_appliance The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors. 2016-05-07 not yet calculated CVE-2016-2353
CERT-VN
MISC
accellion — file_transfer_appliance The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role. 2016-05-07 not yet calculated CVE-2016-2352
CERT-VN
MISC
adobe — reader_and_acrobat Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary. 2016-04-30 not yet calculated CVE-2016-1111
CONFIRM
MISC
apache — subversion The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. 2016-05-05 not yet calculated CVE-2016-2168
SECTRACK
DEBIAN
CONFIRM
MLIST
MLIST
cisco — asa_with_firepower The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and inspection outage or module outage) via a flood of crafted IP traffic, aka Bug ID CSCux19922. 2016-05-05 not yet calculated CVE-2016-1369
CISCO
cisco — finesse The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623. 2016-05-05 not yet calculated CVE-2016-1373
CISCO
cisco — firepower_system Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214. 2016-05-05 not yet calculated CVE-2016-1368
CISCO
cool_projects — tardiff Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory. 2016-05-06 not yet calculated CVE-2015-0858
CONFIRM
DEBIAN
cool_projects — tardiff Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. 2016-05-06 not yet calculated CVE-2015-0857
CONFIRM
CONFIRM
DEBIAN
emc — rsa_authentication_manager CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. 2016-05-07 not yet calculated CVE-2016-0902
BUGTRAQ
emc — rsa_authentication_manager Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901. 2016-05-07 not yet calculated CVE-2016-0900
BUGTRAQ
emc — rsa_authentication_manager Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900. 2016-05-07 not yet calculated CVE-2016-0901
BUGTRAQ
gnu — libtasn1 The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. 2016-05-05 not yet calculated CVE-2016-4008
MLIST
UBUNTU
UBUNTU
MLIST
FEDORA
FEDORA
FEDORA
CONFIRM
CONFIRM
hpe — network_node_manager Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010. 2016-05-07 not yet calculated CVE-2016-2011
HP
hpe — network_node_manager Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011. 2016-05-07 not yet calculated CVE-2016-2010
HP
hpe — network_node_manager HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors. 2016-05-07 not yet calculated CVE-2016-2012
HP
hpe — network_node_manager HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. 2016-05-07 not yet calculated CVE-2016-2009
HP
hpe — network_node_manager HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. 2016-05-07 not yet calculated CVE-2016-2014
HP
hpe — network_node_manager HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors. 2016-05-07 not yet calculated CVE-2016-2013
HP
imagemagick — imagemagick The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. 2016-05-05 not yet calculated CVE-2016-3718
CONFIRM
CONFIRM
MLIST
CONFIRM
imagemagick — imagemagick The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. 2016-05-05 not yet calculated CVE-2016-3716
CONFIRM
CONFIRM
MLIST
CONFIRM
jq — jv The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. 2016-05-06 not yet calculated CVE-2016-4074
MISC
MLIST
MLIST
jq — jv_parse.c Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. 2016-05-06 not yet calculated CVE-2015-8863
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
SUSE
SUSE
libarchive — libarchive Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. 2016-05-07 not yet calculated CVE-2016-1541
CERT-VN
CONFIRM
CONFIRM
libpam_sshauth — pam_sshauth The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account. 2016-05-06 not yet calculated CVE-2016-4422
CONFIRM
DEBIAN
linux — linux_kernel Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread. 2016-05-02 not yet calculated CVE-2015-4170
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call. 2016-05-05 not yet calculated CVE-2016-2062
CONFIRM
CONFIRM
linux — linux_kernel The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls. 2016-05-05 not yet calculated CVE-2016-2059
CONFIRM
CONFIRM
linux — security_response The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability. 2016-05-06 not yet calculated CVE-2016-2094
CONFIRM
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
little_cms_2 — liblcms2 Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler. 2016-05-07 not yet calculated CVE-2013-7455
CERT-VN
MISC
CONFIRM
mcafee — livesafe Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable. 2016-05-05 not yet calculated CVE-2016-4535
EXPLOIT-DB
MISC
MISC
mcafee — virusscan_enterprise The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles. 2016-05-05 not yet calculated CVE-2016-4534
EXPLOIT-DB
MISC
CONFIRM
CONFIRM
FULLDISC
MISC
poppler — exponentialfunction Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. 2016-05-06 not yet calculated CVE-2015-8868
CONFIRM
CONFIRM
CONFIRM
UBUNTU
MLIST
DEBIAN
FEDORA
FEDORA
trend_micro — email_encryption_gateway SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2016-05-05 not yet calculated CVE-2016-4351
CONFIRM
MISC
veritas — netbackup bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input. 2016-05-07 not yet calculated CVE-2015-6550
CONFIRM
veritas — netbackup The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors. 2016-05-07 not yet calculated CVE-2015-6552
CONFIRM
veritas — netbackup Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets. 2016-05-07 not yet calculated CVE-2015-6551
CONFIRM



This product is provided subject to this Notification and this Privacy & Use policy.

ImageMagick Vulnerability

Original release date: May 04, 2016 | Last revised: May 05, 2016

ImageMagick, an open-source image processing software suite, has released versions 7.0.1-1 and 6.9.3-10 to address a vulnerability in previous software versions. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the article ImageMagick Security Issue, the Openwall Security Blog, and Vulnerability Note VU#250519 for more information and apply the ImageMagick updates.



Cisco Releases Security Updates

Original release date: May 04, 2016

Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:



Apple Releases Security Update

Original release date: May 03, 2016

Apple has released a security update for Xcode to address two vulnerabilities. Exploitation of either of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Apple security update for Xcode and update to version 7.3.1 for OS X El Capitan v10.11 and later.



OpenSSL Releases Security Updates

Original release date: May 03, 2016

OpenSSL has released security updates to address vulnerabilities in previous versions. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • OpenSSL 1.0.2h for 1.0.2 users
  • OpenSSL 1.0.1t for 1.0.1 users

US-CERT encourages users and administrators to review the OpenSSL Security Advisory page and apply the necessary updates.



SB16-123: Vulnerability Summary for the Week of April 25, 2016

Original release date: May 02, 2016


High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — air Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted text property, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, CVE-2015-8821, and CVE-2015-8822. 2016-04-22 9.3 CVE-2015-8823
CONFIRM
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — analytics_appmeasurement_for_flash_library Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-04-22 4.3 CVE-2016-1036
CONFIRM
allround_automations — pl/sql_developer Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream. 2016-04-25 6.8 CVE-2016-2346
CERT-VN
MISC
blackberry — enterprise_server Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918. 2016-04-22 4.3 CVE-2016-1917
CONFIRM
blackberry — enterprise_server Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917. 2016-04-22 4.3 CVE-2016-1918
CONFIRM
blackberry — enterprise_server Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2016-04-22 4.3 CVE-2016-3126
CONFIRM
foxitsoftware — phantompdf Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document. 2016-04-22 6.8 CVE-2016-4059
CONFIRM
MISC
foxitsoftware — phantompdf Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors. 2016-04-22 5.0 CVE-2016-4060
CONFIRM
foxitsoftware — phantompdf Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream. 2016-04-22 5.0 CVE-2016-4061
CONFIRM
foxitsoftware — phantompdf Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF. 2016-04-22 4.3 CVE-2016-4062
CONFIRM
foxitsoftware — phantompdf Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document. 2016-04-22 6.8 CVE-2016-4063
CONFIRM
MISC
MISC
foxitsoftware — phantompdf Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call. 2016-04-22 6.8 CVE-2016-4064
CONFIRM
MISC
foxitsoftware — phantompdf The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image. 2016-04-22 6.8 CVE-2016-4065
CONFIRM
MISC
MISC
MISC
linux — linux_kernel Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times. 2016-04-27 4.9 CVE-2015-1339
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints. 2016-04-27 4.9 CVE-2015-7515
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor. 2016-04-27 4.9 CVE-2016-2384
CONFIRM
CONFIRM
CONFIRM
MLIST
linux — linux_kernel Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time. 2016-04-27 4.7 CVE-2016-2544
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call. 2016-04-27 4.7 CVE-2016-2545
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call. 2016-04-27 4.7 CVE-2016-2546
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call. 2016-04-27 4.7 CVE-2016-2547
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. 2016-04-27 4.9 CVE-2016-2847
MLIST
CONFIRM
CONFIRM
CONFIRM
novell — service_desk Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL. 2016-04-22 6.5 CVE-2016-1593
CONFIRM
MISC
MISC
novell — service_desk Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action. 2016-04-22 4.0 CVE-2016-1594
CONFIRM
MISC
MISC
novell — service_desk LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter. 2016-04-22 4.0 CVE-2016-1595
CONFIRM
MISC
MISC
qemu — qemu Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. 2016-04-26 6.8 CVE-2016-4002
MLIST
CONFIRM
MLIST
MLIST
samba — samba Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors. 2016-04-24 4.3 CVE-2015-5370
CONFIRM
samba — samba The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security. 2016-04-24 4.3 CVE-2016-2110
CONFIRM
samba — samba The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel’s endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005. 2016-04-24 4.3 CVE-2016-2111
CONFIRM
samba — samba The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the “client ldap sasl wrapping” setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream. 2016-04-24 4.3 CVE-2016-2112
CONFIRM
samba — samba Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate. 2016-04-24 5.8 CVE-2016-2113
CONFIRM
samba — samba The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the “server signing = mandatory” setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream. 2016-04-24 4.3 CVE-2016-2114
CONFIRM
samba — samba Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream. 2016-04-24 4.3 CVE-2016-2115
CONFIRM
squid — squid_cache Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data. 2016-04-25 6.8 CVE-2016-4051
CONFIRM
SECTRACK
MLIST
MLIST
squid — squid_cache Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses. 2016-04-25 6.8 CVE-2016-4052
CONFIRM
SECTRACK
MLIST
MLIST
squid — squid_cache Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization. 2016-04-25 4.3 CVE-2016-4053
CONFIRM
SECTRACK
MLIST
MLIST
squid — squid_cache Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. 2016-04-25 6.8 CVE-2016-4054
CONFIRM
SECTRACK
MLIST
MLIST
symantec — messaging_gateway The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. 2016-04-22 6.5 CVE-2016-2204
CONFIRM
BID
wireshark — wireshark epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet. 2016-04-25 4.3 CVE-2016-4006
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-04-25 4.3 CVE-2016-4076
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. 2016-04-25 4.3 CVE-2016-4077
CONFIRM
MISC
CONFIRM
CONFIRM
wireshark — wireshark The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c. 2016-04-25 4.3 CVE-2016-4078
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. 2016-04-25 4.3 CVE-2016-4079
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-04-25 4.3 CVE-2016-4080
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-04-25 4.3 CVE-2016-4081
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. 2016-04-25 4.3 CVE-2016-4082
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-04-25 4.3 CVE-2016-4083
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size. 2016-04-25 4.3 CVE-2016-4084
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. 2016-04-25 4.3 CVE-2016-4085
CONFIRM
CONFIRM
CONFIRM


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
blackberry — enterprise_server Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen. 2016-04-22 3.5 CVE-2016-1916
CONFIRM
novell — service_desk Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter. 2016-04-22 3.5 CVE-2016-1596
CONFIRM
MISC
MISC
symantec — messaging_gateway The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. 2016-04-22 2.1 CVE-2016-2203
CONFIRM
BID


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — reader Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary. 2016-04-30 not yet calculated CVE-2016-1111
CONFIRM
MISC
apache_struts — dynamic_method_invocation Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. 2016-04-26 not yet calculated CVE-2016-3081
CONFIRM
SECTRACK
apache_struts — xsltresult XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter. 2016-04-26 not yet calculated CVE-2016-3082
SECTRACK
CONFIRM
atom — electron Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line. 2016-04-25 not yet calculated CVE-2016-1202
CONFIRM
CONFIRM
JVNDB
JVN
cisco — api The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521. 2016-04-28 not yet calculated CVE-2016-1386
CISCO
cisco — webex_meetings_server_(cwms) Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695. 2016-04-28 not yet calculated CVE-2016-1389
CISCO
cisco — webex_productivity Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file in the current working directory, aka Bug ID CSCuy56140. 2016-04-28 not yet calculated CVE-2016-4349
MISC
cisco — xml_parser The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059. 2016-04-30 not yet calculated CVE-2016-1343
CISCO
cybozu — kintone_mobile The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application. 2016-04-25 not yet calculated CVE-2016-1185
CONFIRM
JVNDB
JVN
ec_cube — cross_site scripting_(xss) Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_addition_plugin plugin 1.0 and (2) itemdetail_freearea_addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-04-27 not yet calculated CVE-2016-1205
CONFIRM
JVNDB
JVN
gd_graphics_library — integer_signedness_error Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. 2016-04-26 not yet calculated CVE-2016-3074
CONFIRM
SECTRACK
BUGTRAQ
DEBIAN
FULLDISC
MISC
ibm — db2 IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message. 2016-04-27 not yet calculated CVE-2016-0211
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
linux — arch/powerpc/kernel/process.c The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. 2016-04-27 not yet calculated CVE-2015-8845
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — arch/x86/mm/mmap.c The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. 2016-04-27 not yet calculated CVE-2016-3672
CONFIRM
CONFIRM
CONFIRM
linux — arch/x86/mm/tlb.c Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. 2016-04-27 not yet calculated CVE-2016-2069
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — drivers/infiniband/hw/cxgb3/iwch_cm.c drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets. 2016-04-27 not yet calculated CVE-2015-8812
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — drivers/input/tablet/wacom_sys.c The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. 2016-04-27 not yet calculated CVE-2016-3139
CONFIRM
MISC
CONFIRM
CONFIRM
CONFIRM
MISC
linux — drivers/usb/core/hub.c The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. 2016-04-27 not yet calculated CVE-2015-8816
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — drivers/usb/serial/visor.c The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. 2016-04-27 not yet calculated CVE-2016-2782
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — fork_implementation The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h. 2016-04-27 not yet calculated CVE-2016-2143
CONFIRM
CONFIRM
CONFIRM
linux — fs/pipe.c The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an “I/O vector array overrun.” NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805. 2016-04-27 not yet calculated CVE-2016-0774
CONFIRM
CONFIRM
linux — integer_xt_alloc_table_info Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. 2016-04-27 not yet calculated CVE-2016-3135
CONFIRM
MISC
CONFIRM
CONFIRM
linux — ipv4_implementation The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. 2016-04-27 not yet calculated CVE-2016-3156
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — kernel/bpf/verifier.c The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions. 2016-04-27 not yet calculated CVE-2016-2383
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312. 2016-04-27 not yet calculated CVE-2016-2550
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — netfilter_subsystem The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. 2016-04-27 not yet calculated CVE-2016-3134
CONFIRM
MISC
CONFIRM
CONFIRM
linux — powerpc_platforms The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. 2016-04-27 not yet calculated CVE-2015-8844
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — security/integrity/evm/evm_main.c The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack. 2016-04-27 not yet calculated CVE-2016-2085
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — sound/core/seq/seq_clientmgr.c The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call. 2016-04-27 not yet calculated CVE-2016-2543
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — sound/core/timer.c sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. 2016-04-27 not yet calculated CVE-2016-2549
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — sound/core/timer.c sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions. 2016-04-27 not yet calculated CVE-2016-2548
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — sound/usb/quirks.c The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor. 2016-04-27 not yet calculated CVE-2016-2184
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
BUGTRAQ
BUGTRAQ
CONFIRM
linux — suse_linux_enterprise_12_sp1 yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors. 2016-04-26 not yet calculated CVE-2016-1601
CONFIRM
CONFIRM
SUSE
lockon — ec_cube Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators. 2016-04-30 not yet calculated CVE-2016-1201
CONFIRM
CONFIRM
JVNDB
JVN
lockon — ec_cube The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200. 2016-04-30 not yet calculated CVE-2016-1199
CONFIRM
CONFIRM
JVNDB
JVN
lockon — ec_cube The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199. 2016-04-30 not yet calculated CVE-2016-1200
CONFIRM
CONFIRM
JVNDB
JVN
mozilla — android Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password. 2016-04-30 not yet calculated CVE-2016-2810
CONFIRM
CONFIRM
mozilla — android Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device’s physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780. 2016-04-30 not yet calculated CVE-2016-2813
CONFIRM
CONFIRM
MISC
mozilla — browser/components/extensions/ext_tabs.js The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL. 2016-04-30 not yet calculated CVE-2016-2817
CONFIRM
CONFIRM
mozilla — browser_engine Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-04-30 not yet calculated CVE-2016-2804
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — browser_engine Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-04-30 not yet calculated CVE-2016-2806
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — browser_engine Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-04-30 not yet calculated CVE-2016-2807
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — browser_engine Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-04-30 not yet calculated CVE-2016-2805
CONFIRM
CONFIRM
mozilla — content_security_policy_(csp) Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. 2016-04-30 not yet calculated CVE-2016-2816
CONFIRM
CONFIRM
mozilla — firefox_healthreports The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. 2016-04-30 not yet calculated CVE-2016-2820
CONFIRM
CONFIRM
mozilla — heap_based_buffer_overflow Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table. 2016-04-30 not yet calculated CVE-2016-2814
CONFIRM
CONFIRM
mozilla — maintenance_service_updater The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution. 2016-04-30   CVE-2016-2809
CONFIRM
CONFIRM
mozilla — serviceworker_info Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method. 2016-04-30 not yet calculated CVE-2016-2811
CONFIRM
CONFIRM
mozilla — serviceworker_manager Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site. 2016-04-30 not yet calculated CVE-2016-2812
CONFIRM
CONFIRM
mozilla — watch_implementation The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site. 2016-04-30 not yet calculated CVE-2016-2808
CONFIRM
CONFIRM
openssh — session.c_sshd The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. 2016-04-30 not yet calculated CVE-2015-8325
CONFIRM
CONFIRM
CONFIRM
CONFIRM
syslink — sl_1000_(m2m)_modular_gateway flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter. 2016-04-25 not yet calculated CVE-2016-2332
CERT-VN
syslink — sl_1000_(m2m)_modular_gateway SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers’ installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. 2016-04-25 not yet calculated CVE-2016-2333
CERT-VN
syslink — sl_1000_(m2m)_modular_gateway The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. 2016-04-25 not yet calculated CVE-2016-2331
CERT-VN
varnish — stacked_installations Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request. 2016-04-25 not yet calculated CVE-2015-8852
MLIST
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
wireshark — asn.1_ber epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. 2016-04-30 not yet calculated CVE-2016-4418
CONFIRM
CONFIRM
wireshark — asn.1_ber epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. 2016-04-30 not yet calculated CVE-2016-4421
CONFIRM
CONFIRM
wireshark — epan/dissectors/packet-gsm_abis_oml.c Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value. 2016-04-30 not yet calculated CVE-2016-4417
CONFIRM
CONFIRM
wireshark — ieee_802.11_dissector epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. 2016-04-30 not yet calculated CVE-2016-4416
CONFIRM
CONFIRM
wireshark — ixia_ixveriwave wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file. 2016-04-30 not yet calculated CVE-2016-4415
CONFIRM
MISC
CONFIRM
wireshark — nfs_dissector The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-04-30 not yet calculated CVE-2016-4420
CONFIRM
wireshark — spice epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. 2016-04-30 not yet calculated CVE-2016-4419
CONFIRM
CONFIRM



This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Update for Chrome

Original release date: April 28, 2016

Google has released Chrome version 50.0.2661.94 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.



Mozilla Releases Security Updates

Original release date: April 26, 2016

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 46
  • Firefox ESR 38.8
  • Firefox ESR 45.1

Users and administrators are encouraged to review the Mozilla Security Advisories for Firefox and Firefox ESR and apply the necessary updates.



SB16-116: Vulnerability Summary for the Week of April 18, 2016

Original release date: April 25, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
cisco — adaptive_security_appliance_software The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. 2016-04-21 7.8 CVE-2015-6360
CISCO
cisco — unified_computing_system_platform_emulator Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832. 2016-04-15 7.2 CVE-2016-1339
CISCO
cisco — unified_computing_system_platform_emulator Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename arguments, aka Bug ID CSCux68837. 2016-04-15 7.2 CVE-2016-1340
CISCO
dhcpcd_project — dhcpcd dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634. 2016-04-17 10.0 CVE-2016-1503
CONFIRM
CONFIRM
CONFIRM
emc — unisphere An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname. 2016-04-15 10.0 CVE-2016-0889
BUGTRAQ
gnu — glibc Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. 2016-04-19 7.5 CVE-2014-9761
MLIST
CONFIRM
MLIST
MLIST
SUSE
SUSE
SUSE
SUSE
SUSE
gnu — glibc Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. 2016-04-19 7.5 CVE-2015-8778
MLIST
CONFIRM
MLIST
MLIST
DEBIAN
SUSE
SUSE
SUSE
SUSE
SUSE
gnu — glibc Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. 2016-04-19 7.5 CVE-2015-8779
MLIST
CONFIRM
MLIST
MLIST
DEBIAN
SUSE
SUSE
SUSE
SUSE
SUSE
google — android An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548. 2016-04-17 10.0 CVE-2016-0834
CONFIRM
google — android decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014. 2016-04-17 10.0 CVE-2016-0835
CONFIRM
CONFIRM
CONFIRM
google — android Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590. 2016-04-17 10.0 CVE-2016-0836
CONFIRM
CONFIRM
google — android MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted media file, aka internal bug 27208621. 2016-04-17 10.0 CVE-2016-0837
CONFIRM
CONFIRM
google — android Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to arm-wt-22k/lib_src/eas_wtengine.c and arm-wt-22k/lib_src/eas_wtsynth.c, aka internal bug 26366256. 2016-04-17 10.0 CVE-2016-0838
CONFIRM
CONFIRM
CONFIRM
google — android post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25753245. 2016-04-17 10.0 CVE-2016-0839
CONFIRM
CONFIRM
google — android Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350. 2016-04-17 10.0 CVE-2016-0840
CONFIRM
CONFIRM
google — android media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840. 2016-04-17 10.0 CVE-2016-0841
CONFIRM
CONFIRM
google — android The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142. 2016-04-17 10.0 CVE-2016-0842
CONFIRM
CONFIRM
google — android The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197. 2016-04-17 7.2 CVE-2016-0843
CONFIRM
google — android The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307. 2016-04-17 7.2 CVE-2016-0844
CONFIRM
CONFIRM
google — android libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992. 2016-04-17 7.2 CVE-2016-0846
CONFIRM
CONFIRM
google — android The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502. 2016-04-17 7.2 CVE-2016-0847
CONFIRM
CONFIRM
CONFIRM
google — android Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054. 2016-04-17 7.2 CVE-2016-0848
CONFIRM
CONFIRM
google — android Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26960931. 2016-04-17 7.2 CVE-2016-0849
CONFIRM
CONFIRM
google — chrome The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc. 2016-04-18 9.3 CVE-2016-1653
CONFIRM
CONFIRM
CONFIRM
google — chrome Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension. 2016-04-18 7.5 CVE-2016-1655
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2016-04-18 10.0 CVE-2016-1659
CONFIRM
CONFIRM
google — android A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545. 2016-04-17 9.3 CVE-2016-2409
CONFIRM
google — android A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053. 2016-04-17 9.3 CVE-2016-2411
CONFIRM
google — android include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930. 2016-04-17 9.3 CVE-2016-2412
CONFIRM
CONFIRM
google — android media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627. 2016-04-17 9.3 CVE-2016-2413
CONFIRM
CONFIRM
google — android exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a GET request, aka internal bug 26488455. 2016-04-17 7.1 CVE-2016-2415
CONFIRM
CONFIRM
google — android media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358. 2016-04-17 10.0 CVE-2016-2418
CONFIRM
CONFIRM
google — android rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620. 2016-04-17 9.3 CVE-2016-2420
CONFIRM
CONFIRM
CONFIRM
juniper — screenos The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet. 2016-04-15 7.8 CVE-2016-1268
CONFIRM
juniper — junos Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R9, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R8, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4-S1, 15.1 before 15.1R2, 15.1X49 before 15.1X49-D30, and 16.1 before 16.1R1 allow remote attackers to cause a denial of service (socket consumption) via crafted TCP timestamps. 2016-04-15 7.8 CVE-2016-1269
CONFIRM
juniper — junos Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D25, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.2 before 14.2R4, 15.1 before 15.1R1 or 15.1F2, and 15.1X49 before 15.1X49-D15 allow local users to gain privileges via crafted combinations of CLI commands and arguments, a different vulnerability than CVE-2015-3003, CVE-2014-3816, and CVE-2014-0615. 2016-04-15 7.2 CVE-2016-1271
CONFIRM
juniper — junos Juniper Junos OS 14.1X53 before 14.1X53-D30 on QFX Series switches allows remote attackers to cause a denial of service (PFE panic) via a high rate of unspecified VXLAN packets. 2016-04-15 7.8 CVE-2016-1274
CONFIRM
Fedora — latex2rtf Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the keywords command in a crafted TeX file. 2016-04-18 9.3 CVE-2015-8106
CONFIRM
CONFIRM
MLIST
FEDORA
FEDORA
FEDORA
linuxfoundation — foomatic-filters Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title. 2016-04-15 7.5 CVE-2010-5325
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
REDHAT
novell — opensuse Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file. 2016-04-18 9.3 CVE-2015-7552
CONFIRM
SUSE
optipng — optipng Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file. 2016-04-20 9.3 CVE-2015-7801
CONFIRM
UBUNTU
MLIST
oracle — weblogic_server Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Messaging Service. 2016-04-21 7.5 CVE-2016-0638
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. 2016-04-21 10.0 CVE-2016-0639
CONFIRM
panda — panda_security_url_filtering Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the “Panda Security URL Filtering” directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe. 2016-04-18 7.2 CVE-2015-7378
EXPLOIT-DB
FULLDISC
MISC
panda — panda_endpoint_administration_agent Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module. 2016-04-18 7.2 CVE-2016-3943
EXPLOIT-DB
FULLDISC
MISC
xen — xen Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. 2016-04-19 7.2 CVE-2016-3960
CONFIRM


Medium Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
apache — camel Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. 2016-04-15 6.8 CVE-2015-5348
CONFIRM
BUGTRAQ
MISC
CONFIRM
dotcms — dotcms Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter. 2016-04-18 4.0 CVE-2016-3972
FULLDISC
CONFIRM
dotcms — dotcms SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter. 2016-04-19 6.5 CVE-2016-4040
CONFIRM
CONFIRM
CONFIRM
gnu — glibc The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. 2016-04-19 6.4 CVE-2015-8776
MLIST
CONFIRM
MLIST
MLIST
DEBIAN
SUSE
SUSE
SUSE
SUSE
SUSE
google — android The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to bypass intended pairing restrictions via a crafted device, aka internal bug 26551752. 2016-04-17 5.8 CVE-2016-0850
CONFIRM
CONFIRM
google — chrome fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document. 2016-04-18 5.8 CVE-2016-1651
CONFIRM
CONFIRM
MISC
CONFIRM
google — chrome Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka “Universal XSS (UXSS).” 2016-04-18 4.3 CVE-2016-1652
CONFIRM
CONFIRM
CONFIRM
google — chrome The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors. 2016-04-18 4.3 CVE-2016-1654
CONFIRM
CONFIRM
google — chrome The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. 2016-04-18 5.0 CVE-2016-1656
CONFIRM
CONFIRM
google — chrome The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL. 2016-04-18 4.3 CVE-2016-1657
CONFIRM
CONFIRM
CONFIRM
google — chrome The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. 2016-04-18 5.0 CVE-2016-1658
CONFIRM
CONFIRM
CONFIRM
google — android A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677. 2016-04-17 6.9 CVE-2016-2410
CONFIRM
google — android The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot loop) via a crafted font, aka internal bug 26413177. 2016-04-17 4.9 CVE-2016-2414
CONFIRM
CONFIRM
CONFIRM
huawei — ar3200_firmware Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets. 2016-04-18 6.8 CVE-2016-3950
CONFIRM
juniper — junos Race condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 12.3X50 before 12.3X50-D50, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.2X52 before 13.2X52-D30, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4, 15.1 before 15.1F2 or 15.1R2, 15.1X49 before 15.1X49-D10 or 15.1X49-D20, and 16.1 before 16.1R1 allows remote authenticated users to gain privileges via the URL option. 2016-04-15 6.5 CVE-2016-1264
CONFIRM
juniper — junos Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R3-S4, 15.1 before 15.1F2, or 15.1R2, 15.1X49 before 15.1X49-D20, and 16.1 before 16.1R1 allows local users to read, delete, or modify arbitrary files via unspecified vectors. 2016-04-15 4.4 CVE-2016-1267
CONFIRM
juniper — junos The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R6, 14.1 before 14.1R4, and 14.2 before 14.2R2, when configured with BGP-based L2VPN or VPLS, allows remote attackers to cause a denial of service (daemon restart) via a crafted L2VPN family BGP update. 2016-04-15 5.0 CVE-2016-1270
CONFIRM
juniper — junos Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x before 15.1X53-D20 on QFX5100 and QFX10002 switches do not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic encryption and authentication protection mechanisms via unspecified vectors. 2016-04-15 4.3 CVE-2016-1273
CONFIRM
libreswan — libreswan Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform. 2016-04-18 5.0 CVE-2016-3071
CONFIRM
FEDORA
FEDORA
CONFIRM
magento — magento The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status. 2016-04-15 5.0 CVE-2016-2212
CONFIRM
BUGTRAQ
FULLDISC
MISC
MISC
openstack — tripleo_heat_templates The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors. 2016-04-15 5.0 CVE-2015-5271
CONFIRM
CONFIRM
CONFIRM
REDHAT
oracle — peoplesoft_enterprise_human_capital_management_human_resources Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Fusion HR Talent Integration. 2016-04-21 4.0 CVE-2016-0407
CONFIRM
oracle — peoplesoft_enterprise_peopletools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 through 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to the Activity Guide sub-component. 2016-04-21 4.3 CVE-2016-0408
CONFIRM
oracle — micros_c2 Unspecified vulnerability in the Oracle Retail MICROS C2 component in Oracle Retail Applications 9.89.0.0 allows local users to affect confidentiality via vectors related to POS. 2016-04-21 4.6 CVE-2016-0469
CONFIRM
oracle — business_intelligence Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality and integrity via vectors related to Analytics Scorecard. 2016-04-21 5.8 CVE-2016-0479
CONFIRM
oracle — solaris Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automated Installer sub-component. 2016-04-21 4.3 CVE-2016-0623
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect integrity and availability via vectors related to DML. 2016-04-21 4.9 CVE-2016-0640
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect confidentiality and availability via vectors related to MyISAM. 2016-04-21 4.9 CVE-2016-0641
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. 2016-04-21 4.3 CVE-2016-0642
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect confidentiality via vectors related to DML. 2016-04-21 4.0 CVE-2016-0643
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to DDL. 2016-04-21 4.0 CVE-2016-0644
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to DML. 2016-04-21 4.0 CVE-2016-0646
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to FTS. 2016-04-21 4.0 CVE-2016-0647
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to PS. 2016-04-21 4.0 CVE-2016-0648
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to PS. 2016-04-21 4.0 CVE-2016-0649
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to Replication. 2016-04-21 4.0 CVE-2016-0650
CONFIRM
oracle — flexcube_direct_banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to Pre-Login. 2016-04-21 5.0 CVE-2016-0672
CONFIRM
oracle — siebel_ui_framework Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to UIF Open UI. 2016-04-21 4.9 CVE-2016-0673
CONFIRM
sierra_wireless — aleos ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors. 2016-04-21 4.3 CVE-2015-6479
MISC
squid — squid_cache The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message. 2016-04-19 4.3 CVE-2016-2390
CONFIRM
SECTRACK
MLIST
MLIST
CONFIRM
tibco — enterprise_message_service Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data. 2016-04-20 6.5 CVE-2016-3628
CONFIRM
CONFIRM
videolan — vlc_media_player Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to “seek across EOF.” 2016-04-18 4.3 CVE-2016-3941
MLIST
CONFIRM
SECTRACK
xdelta — xdelta3 Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file. 2016-04-19 6.8 CVE-2014-9765
CONFIRM
UBUNTU
MLIST
MLIST
DEBIAN
SUSE
SUSE


Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
apache — hadoop Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file. 2016-04-19 2.1 CVE-2015-1776
MLIST
dotcms — dotcms Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the query parameter to c/portal/layout. 2016-04-18 3.5 CVE-2016-3971
FULLDISC
CONFIRM
drupal — block_class Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the “Administer block classes” permission to inject arbitrary web script or HTML via a class name. 2016-04-15 3.5 CVE-2016-3144
MISC
CONFIRM
gnupg — libgcrypt Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. 2016-04-19 1.9 CVE-2015-7511
MLIST
UBUNTU
DEBIAN
DEBIAN
MISC
ipswitch — moveit_dmz Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files. 2016-04-15 3.5 CVE-2015-7676
MISC
FULLDISC
MISC
novell — leap openSUSE and SUSE Linux Enterprise Server 11 SP 1 use weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory. 2016-04-18 2.1 CVE-2016-4036
CONFIRM
SUSE
oracle — business_intelligence Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web General. 2016-04-21 3.5 CVE-2016-0468
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. 2016-04-21 3.5 CVE-2016-0651
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to FTS. 2016-04-21 3.5 CVE-2016-0653
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0656. 2016-04-21 3.5 CVE-2016-0654
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows local users to affect availability via vectors related to InnoDB. 2016-04-21 3.5 CVE-2016-0655
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0654. 2016-04-21 3.5 CVE-2016-0656
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect confidentiality via vectors related to JSON. 2016-04-21 3.5 CVE-2016-0657
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Optimizer. 2016-04-21 3.5 CVE-2016-0658
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Optimizer. 2016-04-21 3.5 CVE-2016-0659
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options. 2016-04-21 3.5 CVE-2016-0661
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Partition. 2016-04-21 3.5 CVE-2016-0662
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Performance Schema. 2016-04-21 3.5 CVE-2016-0663
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption. 2016-04-21 3.5 CVE-2016-0665
CONFIRM
oracle — mysql Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to Security: Privileges. 2016-04-21 3.5 CVE-2016-0666
CONFIRM
xen — xen Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. 2016-04-15 2.1 CVE-2016-3961
CONFIRM
CONFIRM
SECTRACK


Severity Not Yet Assigned

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
389_directory_server — slapd/connection.c slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection. 2016-04-19 Not yet calculated CVE-2016-0741
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
accuenergy — acuvim_ii_net_firmware The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors. 2016-04-21 Not yet calculated CVE-2016-2294
MISC
accuenergy — acuvim_ii_net_firmware The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. 2016-04-21 Not yet calculated CVE-2016-2293
MISC
adobe — analytics_appmeasurement Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-04-22 Not yet calculated CVE-2016-1036
CONFIRM
adobe — flash_player Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted text property, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, CVE-2015-8821, and CVE-2015-8822. 2016-04-22 Not yet calculated CVE-2015-8823
CONFIRM
MISC
android — aosp_mail mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185. 2016-04-17 Not yet calculated CVE-2016-2425
CONFIRM
CONFIRM
CONFIRM
android — framework_component server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 26094635. 2016-04-17 Not yet calculated CVE-2016-2426
CONFIRM
CONFIRM
android — mediaserver libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via a dump request, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27046057. 2016-04-17 Not yet calculated CVE-2016-2416
CONFIRM
CONFIRM
CONFIRM
android — mediaserver media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455. 2016-04-17 Not yet calculated CVE-2016-2419
CONFIRM
CONFIRM
android — mediaserver media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474. 2016-04-17 Not yet calculated CVE-2016-2417
CONFIRM
CONFIRM
android — setup_wizard Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26154410. 2016-04-17 Not yet calculated CVE-2016-2421
CONFIRM
android — syncstorageengine server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted application, aka internal bug 26513719. 2016-04-17

Not yet calculated

CVE-2016-2424
CONFIRM
CONFIRM
android — telephony server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26303187. 2016-04-17

Not yet calculated

CVE-2016-2423
CONFIRM
CONFIRM
android — wi-fi Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324357. 2016-04-17

Not yet calculated

CVE-2016-2422
CONFIRM
CONFIRM
blackberry_enterprise_server_(bes) — management_console Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917. 2016-04-22

Not yet calculated

CVE-2016-1918
CONFIRM
blackberry_enterprise_server_(bes) — management_console Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918. 2016-04-22

Not yet calculated

CVE-2016-1917
CONFIRM
blackberry_enterprise_server_(bes) — management_console Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2016-04-22

Not yet calculated

CVE-2016-3126
CONFIRM
blackberry_enterprise_server_(bes) — management_console Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen. 2016-04-22

Not yet calculated

CVE-2016-1916
CONFIRM
cairo — cairo_image_compositor.c The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length. 2016-04-21

Not yet calculated

CVE-2016-3190
MLIST
CONFIRM
CONFIRM
SUSE
cisco — adaptive_security_appliance_(asa) The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug ID CSCus23248. 2016-04-21

Not yet calculated

CVE-2016-1367
CISCO
cisco — aireos Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCun86747. 2016-04-21

Not yet calculated

CVE-2016-1362
CISCO
cisco — ios The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898. 2016-04-20

Not yet calculated

CVE-2016-1384
CISCO
cisco — wireless_lan_controller_(wlc) Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0(MD) and 7.5 through 8.0 before 8.0.115.0(ED) allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCus25617. 2016-04-21

Not yet calculated

CVE-2016-1363
CISCO
cisco — wireless_lan_controller_(wlc) Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110.0(ED) allows remote attackers to cause a denial of service (device reload) via crafted Bonjour traffic, aka Bug ID CSCur66908. 2016-04-21

Not yet calculated

CVE-2016-1364
CISCO
dotcms — sql_injection SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr. 2016-04-19

Not yet calculated

CVE-2016-3688
FULLDISC
FULLDISC
MISC
CONFIRM
ecava — integraxor CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. 2016-04-21

Not yet calculated

CVE-2016-2303
MISC
ecava — integraxor Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2016-04-21   CVE-2016-2305
MISC
ecava — integraxor Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. 2016-04-21

Not yet calculated

CVE-2016-2302
MISC
ecava — integraxor Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. 2016-04-21

Not yet calculated

CVE-2016-2304
MISC
ecava — integraxor ecava_ integraxor 2016-04-21

Not yet calculated

CVE-2016-2300
MISC
ecava — integraxor SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2016-04-21

Not yet calculated

CVE-2016-2299
MISC
ecava — integraxor SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2016-04-21

Not yet calculated

CVE-2016-2301
MISC
ecava — integraxor The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network. 2016-04-21

Not yet calculated

CVE-2016-2306
MISC
emc — vipr_srm Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators. 2016-04-20

Not yet calculated

CVE-2016-0891
BUGTRAQ
foxit — reader_and_phantompdf Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream. 2016-04-22

Not yet calculated

CVE-2016-4061
CONFIRM
foxit — reader_and_phantompdf Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF. 2016-04-22

Not yet calculated

CVE-2016-4062
CONFIRM
foxit — reader_and_phantompdf The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image. 2016-04-22

Not yet calculated

CVE-2016-4065
CONFIRM
MISC
MISC
MISC
foxit — reader_and_phantompdf Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors. 2016-04-22

Not yet calculated

CVE-2016-4060
CONFIRM
foxit — reader_and_phantompdf Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document. 2016-04-22

Not yet calculated

CVE-2016-4059
CONFIRM
MISC
foxit — reader_and_phantompdf Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document. 2016-04-22

Not yet calculated

CVE-2016-4063
CONFIRM
MISC
MISC
foxit — reader_and_phantompdf Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call. 2016-04-22

Not yet calculated

CVE-2016-4064
CONFIRM
MISC
gif2png_optipng gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file. 2016-04-20

Not yet calculated

CVE-2015-7802
CONFIRM
UBUNTU
CONFIRM
giflib — util/gif2rgb.c_in_gif2rgb Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file. 2016-04-21

Not yet calculated

CVE-2016-3977
CONFIRM
CONFIRM
CONFIRM
SUSE
MISC
hexchat — common/server.c The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. 2016-04-21

Not yet calculated

CVE-2013-7449
CONFIRM
CONFIRM
CONFIRM
UBUNTU
CONFIRM
honeywell — uniformance_process_history_database_(phd) Buffer overflow in RDISERVER in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 allows remote attackers to cause a denial of service (service outage) via unspecified vectors. 2016-04-21

Not yet calculated

CVE-2016-2280
MISC
hpe — data_protector HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352. 2016-04-21

Not yet calculated

CVE-2016-2005
HP
hpe — data_protector HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353. 2016-04-21

Not yet calculated

CVE-2016-2006
HP
hpe — data_protector HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354. 2016-04-21

Not yet calculated

CVE-2016-2007
HP
hpe — data_protector HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors. 2016-04-21

Not yet calculated

CVE-2016-2004
CERT-VN
HP
hpe — data_protector HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors. 2016-04-21

Not yet calculated

CVE-2016-2008
HP
hpe — p9000 HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. 2016-04-20

Not yet calculated

CVE-2016-2003
HP
hpe — vertica The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417. 2016-04-20

Not yet calculated

CVE-2016-2002
HP
MISC
java — bouncy_castle_crypto_apis asn1/cms/GCMParameters.java in the Bouncy Castle Crypto APIs 1.54 for Java, as used in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, has an improper AES-GCM-ICVlen value, which makes it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568. 2016-04-17

Not yet calculated

CVE-2016-2427
CONFIRM
CONFIRM
CONFIRM
lemur — vehicle_monitors_bluedriver The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering. 2016-04-21

Not yet calculated

CVE-2016-2354
CERT-VN
lexmark — atl Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory. 2016-04-21

Not yet calculated

CVE-2016-3145
CONFIRM
libav_libavcodec/ituh263dec.c The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. 2016-04-19

Not yet calculated

CVE-2015-5479
CONFIRM
CONFIRM
MISC
UBUNTU
libtiff — gif2tiff.c Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. 2016-04-19

Not yet calculated

CVE-2016-3186
CONFIRM
SECTRACK
SUSE
micro_focus_novell — service_desk Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL. 2016-04-22

Not yet calculated

CVE-2016-1593
CONFIRM
MISC
MISC
micro_focus_novell — service_desk LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter. 2016-04-22

Not yet calculated

CVE-2016-1595
CONFIRM
MISC
MISC
micro_focus_novell — service_desk Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action. 2016-04-22

Not yet calculated

CVE-2016-1594
CONFIRM
MISC
MISC
micro_focus_novell — service_desk Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter. 2016-04-22

Not yet calculated

CVE-2016-1596
CONFIRM
MISC
MISC
oracle — berkeley_db Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, and CVE-2016-0694. 2016-04-21

Not yet calculated

CVE-2016-3418
CONFIRM
oracle — berkeley_db Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, and CVE-2016-3418. 2016-04-21

Not yet calculated

CVE-2016-0694
CONFIRM
oracle — berkeley_db Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0694, and CVE-2016-3418. 2016-04-21

Not yet calculated

CVE-2016-0692
CONFIRM
oracle — berkeley_db Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0692, CVE-2016-0694, and CVE-2016-3418. 2016-04-21

Not yet calculated

CVE-2016-0689
CONFIRM
oracle — berkeley_db Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0689, CVE-2016-0692, CVE-2016-0694, and CVE-2016-3418. 2016-04-21

Not yet calculated

CVE-2016-0682
CONFIRM
oracle — database_server Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. 2016-04-21

Not yet calculated

CVE-2016-3454
CONFIRM
oracle — database_server Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unspecified vectors. 2016-04-21

Not yet calculated

CVE-2016-0681
CONFIRM
oracle — database_server Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0690. 2016-04-21

Not yet calculated

CVE-2016-0691
CONFIRM
oracle — database_server Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0691. 2016-04-21

Not yet calculated

CVE-2016-0690
CONFIRM
oracle — database_server Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. 2016-04-21

Not yet calculated

CVE-2016-0677
CONFIRM
oracle — e-business_suite Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows local users to affect confidentiality and integrity via unknown vectors. 2016-04-21

Not yet calculated

CVE-2016-0697
CONFIRM
oracle — e-business_suite Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Logout. 2016-04-21

Not yet calculated

CVE-2016-3434
CONFIRM
oracle — e-business_suite Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to OAF Core. 2016-04-21   CVE-2016-3447
CONFIRM
oracle — e-business_suite Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks. 2016-04-21

Not yet calculated

CVE-2016-3436
CONFIRM
oracle — e-business_suite Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Call Phone Number Page. 2016-04-21

Not yet calculated

CVE-2016-3439
CONFIRM
oracle — e-business_suite Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Person Address Page. 2016-04-21

Not yet calculated

CVE-2016-3437
CONFIRM
oracle — e-business_suite Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless. 2016-04-21

Not yet calculated

CVE-2016-3466
CONFIRM
oracle — financial_services Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to the Login sub-component. 2016-04-21

Not yet calculated

CVE-2016-0699
CONFIRM
oracle — financial_services_software Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to Pre-Login. 2016-04-21

Not yet calculated

CVE-2016-3463
CONFIRM
oracle — financial_services_software Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to Accounts. 2016-04-21

Not yet calculated

CVE-2016-3464
CONFIRM
oracle — fusion_middleware Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module. 2016-04-21

Not yet calculated

CVE-2016-0671
CONFIRM
oracle — fusion_middleware Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters. 2016-04-21

Not yet calculated

CVE-2016-3455
CONFIRM
oracle — fusion_middleware Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6 allows remote attackers to affect confidentiality and integrity via vectors related to Console. 2016-04-21

Not yet calculated

CVE-2016-0696
CONFIRM
oracle — fusion_middleware Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality and integrity via vectors related to Console. 2016-04-21

Not yet calculated

CVE-2016-3416
CONFIRM
oracle — fusion_middleware Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Console, a different vulnerability than CVE-2016-0675. 2016-04-21

Not yet calculated

CVE-2016-0700
CONFIRM
oracle — fusion_middleware Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Console, a different vulnerability than CVE-2016-0700. 2016-04-21

Not yet calculated

CVE-2016-0675
CONFIRM
oracle — fusion_middleware Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to Core Components. 2016-04-21

Not yet calculated

CVE-2016-0688
CONFIRM
oracle — java_se Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D. 2016-04-21

Not yet calculated

CVE-2016-3422
CONFIRM
oracle — java_se Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. 2016-04-21

Not yet calculated

CVE-2016-3443
CONFIRM
oracle — java_se Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment. 2016-04-21

Not yet calculated

CVE-2016-3449
CONFIRM
oracle — java_se Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. 2016-04-21

Not yet calculated

CVE-2016-0686
CONFIRM
oracle — java_se Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component. 2016-04-21

Not yet calculated

CVE-2016-0687
CONFIRM
oracle — java_se Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. 2016-04-21

Not yet calculated

CVE-2016-3425
CONFIRM
oracle — java_se Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. 2016-04-21

Not yet calculated

CVE-2016-0695
CONFIRM
oracle — java_se Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. 2016-04-21

Not yet calculated

CVE-2016-3427
CONFIRM
oracle — java_se Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE. 2016-04-21

Not yet calculated

CVE-2016-3426
CONFIRM
oracle — mysql_3.0.25 Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and availability via vectors related to Monitoring: Server. 2016-04-21

Not yet calculated

CVE-2016-3461
CONFIRM
oracle — mysql_5.6.28 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB. 2016-04-21

Not yet calculated

CVE-2016-0668
CONFIRM
oracle — mysql_5.7.10 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML. 2016-04-21

Not yet calculated

CVE-2016-0652
CONFIRM
oracle — mysql_5.7.11 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking. 2016-04-21

Not yet calculated

CVE-2016-0667
CONFIRM
oracle — peoplesoft_enterprise_peopletools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to PIA Search Functionality. 2016-04-21

Not yet calculated

CVE-2016-3417
CONFIRM
oracle — peoplesoft_products Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to ePerformance. 2016-04-21

Not yet calculated

CVE-2016-3460
CONFIRM
oracle — peoplesoft_products Unspecified vulnerability in the PeopleSoft Enterprise HCM ePerformance component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Security. 2016-04-21

Not yet calculated

CVE-2016-3457
CONFIRM
oracle — peoplesoft_products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect availability via vectors related to PIA Core Technology. 2016-04-21

Not yet calculated

CVE-2016-3435
CONFIRM
oracle — peoplesoft_products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to File Processing. 2016-04-21

Not yet calculated

CVE-2016-0685
CONFIRM
oracle — peoplesoft_products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Portal. 2016-04-21   CVE-2016-3442
CONFIRM
oracle — peoplesoft_products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Rich Text Editor, a different vulnerability than CVE-2016-0698. 2016-04-21

Not yet calculated

CVE-2016-3423
CONFIRM
oracle — peoplesoft_products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Rich Text Editor, a different vulnerability than CVE-2016-3423. 2016-04-21

Not yet calculated

CVE-2016-0698
CONFIRM
oracle — peoplesoft_products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Search Framework. 2016-04-21

Not yet calculated

CVE-2016-0683
CONFIRM
oracle — peoplesoft_products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Activity Guide. 2016-04-21

Not yet calculated

CVE-2016-3421
CONFIRM
oracle — peoplesoft_products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect integrity and availability via vectors related to PIA Grids. 2016-04-21

Not yet calculated

CVE-2016-0679
CONFIRM
oracle — peoplesoft_products Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Services Procurement. 2016-04-21

Not yet calculated

CVE-2016-0680
CONFIRM
oracle — retail_applications Unspecified vulnerability in the Oracle Retail Xstore Point of Service component in Oracle Retail Applications 5.0, 5.5, 6.0, 6.5, 7.0, and 7.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Xstore Services. 2016-04-21

Not yet calculated

CVE-2016-3429
CONFIRM
oracle — retail_applicat_retail_applications Unspecified vulnerability in the Oracle Retail MICROS ARS POS component in Oracle Retail Applications 1.5 allows remote authenticated users to affect confidentiality via vectors related to POS. 2016-04-21

Not yet calculated

CVE-2016-0684
CONFIRM
oracle — siebel_core Unspecified vulnerability in the Siebel Core – Common Components component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality and integrity via vectors related to Email. 2016-04-21

Not yet calculated

CVE-2016-0674
CONFIRM
oracle — sun_solaris Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel. 2016-04-21

Not yet calculated

CVE-2016-0676
CONFIRM
oracle — sun_solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem. 2016-04-21

Not yet calculated

CVE-2016-3419
CONFIRM
oracle — sun_solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem. 2016-04-21

Not yet calculated

CVE-2016-3441
CONFIRM
oracle — sun_solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module. 2016-04-21

Not yet calculated

CVE-2016-0693
CONFIRM
oracle — sun_solaris Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service. 2016-04-21

Not yet calculated

CVE-2016-3462
CONFIRM
oracle — sun_solaris Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to ZFS. 2016-04-21

Not yet calculated

CVE-2016-3465
CONFIRM
oracle — sun_solaris Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Fwflash. 2016-04-21

Not yet calculated

CVE-2016-0669
CONFIRM
oracle — supply_chain_products_suite Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect availability via vectors related to Engineering Communication Interface. 2016-04-21

Not yet calculated

CVE-2016-3428
CONFIRM
oracle — supply_chain_products_suite Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to Security, a different vulnerability than CVE-2016-3420. 2016-04-21

Not yet calculated

CVE-2016-3431
CONFIRM
oracle — supply_chain_products_suite Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to Security, a different vulnerability than CVE-2016-3431. 2016-04-21

Not yet calculated

CVE-2016-3420
CONFIRM
oracle — supply_chain_products_suite Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Dialog Box. 2016-04-21

Not yet calculated

CVE-2016-3456
CONFIRM
oracle — supply_chain_products_suite Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. 2016-04-21

Not yet calculated

CVE-2016-3438
CONFIRM
oracle — virtualization_virtualbox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core. 2016-04-21

Not yet calculated

CVE-2016-0678
CONFIRM
samba — dce-rpc_layer Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors. 2016-04-24

Not yet calculated

CVE-2015-5370
CONFIRM
samba — ldap_client_library The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the “client ldap sasl wrapping” setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream. 2016-04-24

Not yet calculated

CVE-2016-2112
CONFIRM
samba — netlogon The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel’s endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005. 2016-04-24

Not yet calculated

CVE-2016-2111
CONFIRM
samba — ntlmssp The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security. 2016-04-24

Not yet calculated

CVE-2016-2110
CONFIRM
samba — samba Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream. 2016-04-24

Not yet calculated

CVE-2016-2115
CONFIRM
samba — smb1_protocol_implementation The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the “server signing = mandatory” setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream. 2016-04-24

Not yet calculated

CVE-2016-2114
CONFIRM
samba — tls_servers Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate. 2016-04-24

Not yet calculated

CVE-2016-2113
CONFIRM
symantec — management_agent The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors. 2016-04-20

Not yet calculated

CVE-2016-2202
CONFIRM
BID
symantec — messaging_gateway_(smg)_appliance The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. 2016-04-22

Not yet calculated

CVE-2016-2203
CONFIRM
BID
symantec — messaging_gateway_(smg)_appliance The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. 2016-04-22

Not yet calculated

CVE-2016-2204
CONFIRM
BID
systemd — tmpfiles.d/systemd.conf tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file. 2016-04-20

Not yet calculated

CVE-2015-8842
CONFIRM
CONFIRM
MLIST
MLIST
SUSE
systemd — tmpfiles.d/systemd.conf tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files. 2016-04-20

Not yet calculated

CVE-2014-9770
CONFIRM
MLIST
MLIST
SUSE
wireshark — epan/dissectors/packet-gsm_cbch.c_in_the_gsm_cbch_dissector epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. 2016-04-25

Not yet calculated

CVE-2016-4082
CONFIRM
CONFIRM
CONFIRM
wireshark — epan/dissectors/packet-iax2.c_in_the_iax2_dissector epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-04-25

Not yet calculated

CVE-2016-4081
CONFIRM
CONFIRM
CONFIRM
wireshark — epan/dissectors/packet-mswsp.c_in_the_ms-wsp Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size. 2016-04-25

Not yet calculated

CVE-2016-4084
CONFIRM
CONFIRM
CONFIRM
wireshark — epan/dissectors/packet-mswsp.c_in_the_ms-wsp_dissector epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-04-25

Not yet calculated

CVE-2016-4083
CONFIRM
CONFIRM
CONFIRM
wireshark — epan/dissectors/packet-ncp2222.inc epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-04-25

Not yet calculated

CVE-2016-4076
CONFIRM
CONFIRM
CONFIRM
wireshark — epan/dissectors/packet-ncp2222.inc_in_the_ncp_dissector Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. 2016-04-25

Not yet calculated

CVE-2016-4085
CONFIRM
CONFIRM
CONFIRM
wireshark — epan/dissectors/packet-pktc.c_in_the_pktc_dissector epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. 2016-04-25

Not yet calculated

CVE-2016-4079
CONFIRM
CONFIRM
CONFIRM
wireshark — epan/dissectors/packet-pktc.c_in_the_pktc_dissector epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-04-25

Not yet calculated

CVE-2016-4080
CONFIRM
CONFIRM
CONFIRM
wireshark — epan/proto.c epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet. 2016-04-25

Not yet calculated

CVE-2016-4006
CONFIRM
CONFIRM
CONFIRM
wireshark — epan/reassemble.c_in_tshark epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. 2016-04-25

Not yet calculated

CVE-2016-4077
CONFIRM
MISC
CONFIRM
CONFIRM
wireshark — ieee_802.11_dissector The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c. 2016-04-25

Not yet calculated

CVE-2016-4078
CONFIRM
CONFIRM
CONFIRM
CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.

FTC Releases Alert on Earthquake Disaster Email Scams

Original release date: April 20, 2016

The Federal Trade Commission (FTC) has released an alert on email scams that cite the recent earthquakes in Ecuador and Japan. The scam emails may contain links or attachments that direct users to phishing or malware-infected websites. Donation requests from fraudulent charitable organizations commonly appear after major natural disasters.

US-CERT encourages users to take the following measures to protect themselves:

  • Review the FTC alert and their information on Charity Scams.
  • Do not follow unsolicited web links or open unsolicited attachments in email messages.
  • Keep antivirus and other computer software up to date.
  • Check this Better Business Bureau (BBB) list for Ecuador Earthquake Relief before making any donations to this cause.
  • Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. You can find trusted contact information for many charities on the BBB’s National Charity Report Index.
  • Refer to Security Tip ST04-014 – Avoiding Social Engineering and Phishing Attacks – for more information on social engineering attacks.
