Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Cisco Releases Security Updates

Original release date: April 20, 2016

Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition on an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.

Oracle Releases Security Bulletin

Original release date: April 19, 2016

Oracle has released its Critical Patch Update for April 2016 to address 136 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle April 2016 Critical Patch Update and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.

Symantec Releases Security Updates

Original release date: April 19, 2016

Symantec has released security updates to address vulnerabilities in its Messaging Gateway (SMG) Appliance software. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Symantec Security Advisory and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.

SB16-109: Vulnerability Summary for the Week of April 11, 2016

Original release date: April 18, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — flash_player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031. 2016-04-08 10.0 CVE-2016-1011
CONFIRM
adobe — flash_player Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. 2016-04-08 10.0 CVE-2016-1012
CONFIRM
adobe — flash_player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031. 2016-04-08 10.0 CVE-2016-1013
CONFIRM
adobe — flash_player Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory. 2016-04-08 7.2 CVE-2016-1014
CONFIRM
adobe — flash_player Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1017, and CVE-2016-1031. 2016-04-08 9.3 CVE-2016-1016
CONFIRM
MISC
adobe — flash_player Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031. 2016-04-08 9.3 CVE-2016-1017
CONFIRM
MISC
adobe — flash_player Stack-based buffer overflow in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via crafted JPEG-XR data. 2016-04-08 9.3 CVE-2016-1018
CONFIRM
MISC
adobe — flash_player Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. 2016-04-08 10.0 CVE-2016-1020
CONFIRM
adobe — flash_player Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. 2016-04-08 10.0 CVE-2016-1021
CONFIRM
adobe — flash_player Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. 2016-04-08 10.0 CVE-2016-1022
CONFIRM
adobe — flash_player Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. 2016-04-08 10.0 CVE-2016-1023
CONFIRM
adobe — flash_player Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. 2016-04-08 10.0 CVE-2016-1024
CONFIRM
adobe — flash_player Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. 2016-04-08 10.0 CVE-2016-1025
CONFIRM
adobe — flash_player Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. 2016-04-08 10.0 CVE-2016-1026
CONFIRM
adobe — flash_player Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. 2016-04-08 10.0 CVE-2016-1027
CONFIRM
adobe — flash_player Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. 2016-04-08 10.0 CVE-2016-1028
CONFIRM
adobe — flash_player Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1032, and CVE-2016-1033. 2016-04-08 10.0 CVE-2016-1029
CONFIRM
adobe — flash_player Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass intended access restrictions via unspecified vectors. 2016-04-08 10.0 CVE-2016-1030
CONFIRM
adobe — flash_player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1017. 2016-04-08 10.0 CVE-2016-1031
CONFIRM
adobe — flash_player Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1033. 2016-04-08 10.0 CVE-2016-1032
CONFIRM
adobe — flash_player Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1032. 2016-04-08 10.0 CVE-2016-1033
CONFIRM
apache — apache_directory_studio The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet. 2016-04-11 9.3 CVE-2015-5349
CONFIRM
BUGTRAQ
apache — struts Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a “%{}” sequence in a tag attribute, aka forced double OGNL evaluation. 2016-04-12 10.0 CVE-2016-0785
SECTRACK
CONFIRM
apache — ofbiz Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. 2016-04-12 7.5 CVE-2016-2170
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
MISC
avast — avast_free_antivirus Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request. 2016-04-13 10.0 CVE-2015-8620
MISC
SECTRACK
FULLDISC
MISC
claws-mail — claws-mail Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614. 2016-04-11 7.5 CVE-2015-8708
MLIST
drupal — drupal The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a “reflected file download vulnerability.” 2016-04-12 8.5 CVE-2016-3168
CONFIRM
MLIST
MLIST
DEBIAN
git-scm — git revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. 2016-04-08 10.0 CVE-2016-2315
CONFIRM
CONFIRM
CONFIRM
SECTRACK
MLIST
SUSE
SUSE
SUSE
SUSE
git-scm — git Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. 2016-04-08 10.0 CVE-2016-2324
CONFIRM
CONFIRM
MLIST
SUSE
SUSE
SUSE
SUSE
huawei — p7_firmware Integer overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission. 2016-04-13 9.3 CVE-2015-8304
CONFIRM
huawei — mate_s_firmware Integer overflow in the graphics drivers in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, which triggers a heap-based buffer overflow. 2016-04-13 9.3 CVE-2016-1495
CONFIRM
huawei — p8_firmware The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) via a crafted application, aka a “semaphore deadlock issue.” 2016-04-13 7.1 CVE-2016-1496
CONFIRM
huawei — policy_center_firmware Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL. 2016-04-12 9.0 CVE-2016-2405
CONFIRM
huawei — s5300_firmware Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic. 2016-04-11 7.8 CVE-2016-3678
CONFIRM
kamailio — kamailio Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet. 2016-04-11 10.0 CVE-2016-2385
EXPLOIT-DB
CONFIRM
MISC
BUGTRAQ
CONFIRM
DEBIAN
DEBIAN
MISC
lenovo — fingerprint_manager Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks. 2016-04-11 7.2 CVE-2016-2393
CONFIRM
microsoft — windows_10 Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka “Hyper-V Remote Code Execution Vulnerability.” 2016-04-12 7.2 CVE-2016-0088
MS
microsoft — excel Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-04-12 9.3 CVE-2016-0122
MS
microsoft — office Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-04-12 9.3 CVE-2016-0127
MS
microsoft — windows_10 The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Secondary Logon Elevation of Privilege Vulnerability.” 2016-04-12 7.2 CVE-2016-0135
MS
microsoft — excel Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-04-12 9.3 CVE-2016-0136
MS
microsoft — excel Microsoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-04-12 9.3 CVE-2016-0139
MS
microsoft — windows_10 The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0165 and CVE-2016-0167. 2016-04-12 7.2 CVE-2016-0143
MS
microsoft — .net_framework The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype for Business 2016; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka “Graphics Memory Corruption Vulnerability.” 2016-04-12 9.3 CVE-2016-0145
MS
microsoft — xml_core_services Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka “MSXML 3.0 Remote Code Execution Vulnerability.” 2016-04-12 9.3 CVE-2016-0147
MS
microsoft — .net_framework Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka “.NET Framework Remote Code Execution Vulnerability.” 2016-04-12 7.2 CVE-2016-0148
MS
microsoft — windows_10 HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka “HTTP.sys Denial of Service Vulnerability.” 2016-04-12 7.8 CVE-2016-0150
MS
microsoft — windows_10 The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka “Windows CSRSS Security Feature Bypass Vulnerability.” 2016-04-12 7.2 CVE-2016-0151
MS
microsoft — windows_7 OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka “Windows OLE Remote Code Execution Vulnerability.” 2016-04-12 9.3 CVE-2016-0153
MS
microsoft — edge Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability.” 2016-04-12 7.6 CVE-2016-0154
MS
MS
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0156 and CVE-2016-0157. 2016-04-12 7.6 CVE-2016-0155
MS
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0155 and CVE-2016-0157. 2016-04-12 7.6 CVE-2016-0156
MS
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0155 and CVE-2016-0156. 2016-04-12 7.6 CVE-2016-0157
MS
microsoft — internet_explorer Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2016-04-12 7.6 CVE-2016-0159
MS
microsoft — internet_explorer Microsoft Internet Explorer 11 mishandles DLL loading, which allows local users to gain privileges via a crafted application, aka “DLL Loading Remote Code Execution Vulnerability.” 2016-04-12 7.2 CVE-2016-0160
MS
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2016-04-12 7.6 CVE-2016-0164
MS
microsoft — windows_10 The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0143 and CVE-2016-0167. 2016-04-12 7.2 CVE-2016-0165
MS
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2016-04-12 7.6 CVE-2016-0166
MS
microsoft — windows_10 The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0143 and CVE-2016-0165. 2016-04-12 7.2 CVE-2016-0167
MS
oar_project — oar The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options. 2016-04-11 9.0 CVE-2016-1235
CONFIRM
CONFIRM
DEBIAN
otr — pidgin-otr Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the “Authenticate buddy” menu item. 2016-04-11 10.0 CVE-2015-8833
MLIST
CONFIRM
CONFIRM
CONFIRM
MISC
MLIST
MLIST
paloaltonetworks — pan-os The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call. 2016-04-12 10.0 CVE-2016-3655
CONFIRM
paloaltonetworks — pan-os Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request. 2016-04-12 10.0 CVE-2016-3657
CONFIRM
postgresql — postgresql The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page. 2016-04-11 8.5 CVE-2016-3065
CONFIRM
SECTRACK
CONFIRM
CONFIRM
prepopulate_project — prepopulate The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter. 2016-04-08 7.5 CVE-2016-3187
MISC
CONFIRM
CONFIRM
prepopulate_project — prepopulate The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, and consequently have unspecified impact, via unspecified vectors. 2016-04-08 7.5 CVE-2016-3188
MISC
CONFIRM
CONFIRM
redhat — openstack The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials. 2016-04-11 7.5 CVE-2015-5329
REDHAT
spip — spip SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. 2016-04-08 7.5 CVE-2016-3153
CONFIRM
CONFIRM
DEBIAN
spip — spip The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. 2016-04-08 7.5 CVE-2016-3154
CONFIRM
CONFIRM
DEBIAN

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — robohelp Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors. 2016-04-12 5.0 CVE-2016-1035
CONFIRM
apache — ranger Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header. 2016-04-11 4.3 CVE-2015-0265
MLIST
CONFIRM
MISC
BID
apache — ranger The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs. 2016-04-11 6.5 CVE-2015-0266
MLIST
CONFIRM
MISC
BID
apache — ofbiz Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the description attribute of a display-entity element. 2016-04-12 4.3 CVE-2015-3268
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
MISC
apache — ranger The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API. 2016-04-12 4.0 CVE-2015-5167
MLIST
CONFIRM
BID
apache — wicket Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title. 2016-04-12 4.3 CVE-2015-5347
CONFIRM
SECTRACK
CONFIRM
apache — wicket Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted “value” attribute in a <input> element. 2016-04-12 4.3 CVE-2015-7520
SECTRACK
CONFIRM
apache — openmeetings The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time. 2016-04-11 5.0 CVE-2016-0783
CONFIRM
CONFIRM
BUGTRAQ
MISC
MISC
apache — openmeetings Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry. 2016-04-11 4.0 CVE-2016-0784
CONFIRM
EXPLOIT-DB
CONFIRM
BUGTRAQ
MLIST
MISC
MISC
apache — struts Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display. 2016-04-12 4.3 CVE-2016-2162
SECTRACK
CONFIRM
apache — openmeetings Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event. 2016-04-11 4.3 CVE-2016-2163
CONFIRM
CONFIRM
BUGTRAQ
MISC
apache — openmeetings The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file. 2016-04-11 5.0 CVE-2016-2164
CONFIRM
CONFIRM
BUGTRAQ
MISC
apache — qpid_proton The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. 2016-04-12 5.8 CVE-2016-2166
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
MISC
apache — jetspeed The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API. 2016-04-11 6.4 CVE-2016-2171
CONFIRM
MLIST
MISC
apache — struts Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter. 2016-04-12 4.3 CVE-2016-4003
CONFIRM
SECTRACK
CONFIRM
atlassian — confluence Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. 2016-04-11 4.3 CVE-2015-8398
BUGTRAQ
atlassian — confluence Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. 2016-04-11 4.0 CVE-2015-8399
BUGTRAQ
cacti — cacti SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. 2016-04-12 6.5 CVE-2016-3172
MLIST
MLIST
MISC
cacti — cacti SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. 2016-04-11 6.5 CVE-2016-3659
FULLDISC
MISC
MISC
cisco — ip_interoperability_and_collaboration_system Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339. 2016-04-08 4.3 CVE-2016-1375
CISCO
cisco — unity_connection Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. 2016-04-12 4.3 CVE-2016-1377
CISCO
dhcpcd_project — dhcpcd The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response. 2016-04-11 5.0 CVE-2012-6698
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
dhcpcd_project — dhcpcd The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response. 2016-04-11 5.0 CVE-2012-6699
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
dhcpcd_project — dhcpcd The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response. 2016-04-11 5.0 CVE-2012-6700
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
django — django The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://[email protected]. 2016-04-08 4.3 CVE-2016-2512
CONFIRM
CONFIRM
REDHAT
drupal — drupal Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation. 2016-04-12 5.8 CVE-2016-3164
CONFIRM
MLIST
MLIST
DEBIAN
drupal — drupal The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has “#access” set to FALSE in the server-side form definition. 2016-04-12 5.0 CVE-2016-3165
CONFIRM
MLIST
MLIST
DEBIAN
drupal — drupal CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers. 2016-04-12 4.3 CVE-2016-3166
CONFIRM
MLIST
MLIST
DEBIAN
drupal — drupal Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the “destination” parameter. 2016-04-12 5.8 CVE-2016-3167
CONFIRM
MLIST
MLIST
DEBIAN
drupal — drupal The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array. 2016-04-12 6.8 CVE-2016-3169
CONFIRM
MLIST
MLIST
DEBIAN
drupal — drupal The “have you forgotten your password” links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in. 2016-04-12 5.0 CVE-2016-3170
CONFIRM
MLIST
MLIST
DEBIAN
drupal — drupal Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation. 2016-04-12 6.8 CVE-2016-3171
CONFIRM
MLIST
MLIST
DEBIAN
fortinet — fortios The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the “redirect” parameter to “login.” 2016-04-08 4.3 CVE-2016-3978
SECTRACK
CONFIRM
FULLDISC
google — kubernetes Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. 2016-04-11 5.0 CVE-2015-7528
CONFIRM
CONFIRM
CONFIRM
REDHAT
REDHAT
huawei — policy_center_firmware SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases. 2016-04-11 6.5 CVE-2016-3675
CONFIRM
huawei — e3276s_firmware Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to a fake network. 2016-04-11 5.8 CVE-2016-3676
CONFIRM
jasper_project — jasper Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137. 2016-04-13 6.8 CVE-2016-1577
CONFIRM
UBUNTU
MLIST
jasper_project — jasper Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file. 2016-04-13 4.3 CVE-2016-2116
CONFIRM
UBUNTU
MLIST
lenovo — emc_firmware The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.1.204.33661 allows remote attackers to obtain sensitive device information via unspecified vectors. 2016-04-11 5.0 CVE-2015-8108
CONFIRM
mantisbt — mantisbt Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request. 2016-04-11 5.0 CVE-2014-9759
CONFIRM
CONFIRM
MLIST
MLIST
mcafee — advanced_threat_defense McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. 2016-04-08 5.0 CVE-2016-3983
CONFIRM
microsoft — windows_10 The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka “Windows SAM and LSAD Downgrade Vulnerability” or “BADLOCK.” 2016-04-12 4.3 CVE-2016-0128
MS
MISC
microsoft — edge Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka “Microsoft Edge Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0161. 2016-04-12 4.3 CVE-2016-0158
MS
microsoft — edge Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka “Microsoft Edge Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0158. 2016-04-12 4.3 CVE-2016-0161
MS
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka “Internet Explorer Information Disclosure Vulnerability.” 2016-04-12 4.3 CVE-2016-0162
MS
paloaltonetworks — pan-os The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request. 2016-04-12 5.0 CVE-2016-3656
CONFIRM
postgresql — postgresql PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role. 2016-04-11 5.0 CVE-2016-2193
CONFIRM
CONFIRM
CONFIRM
puppetlabs — puppet_enterprise Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol. 2016-04-11 6.5 CVE-2015-7330
CONFIRM
SECTRACK
qemu — qemu Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block. 2016-04-11 4.3 CVE-2015-5158
GENTOO
MLIST
SECTRACK
BID
redhat — enterprise_linux The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. 2016-04-08 5.0 CVE-2015-5229
CONFIRM
CONFIRM
CONFIRM
REDHAT
samba — samba The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka “BADLOCK.” 2016-04-12 4.3 CVE-2016-2118
CONFIRM
sap — java_as The Java Startup Framework (aka jstart) in SAP JAVA AS 7.4 allows remote attackers to cause a denial of service via a crafted HTTP request, aka SAP Security Note 2259547. 2016-04-08 5.0 CVE-2016-3980
MISC
siemens — scalance_s613 Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443. 2016-04-08 5.0 CVE-2016-3963
CONFIRM
silverstripe — silverstripe Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm. 2016-04-13 4.3 CVE-2015-8606
CONFIRM
MLIST
MLIST
MLIST
FULLDISC
zimbra — zimbra_collaboration_server Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest. 2016-04-08 6.8 CVE-2015-6541
EXPLOIT-DB
CONFIRM
FULLDISC

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
django — django The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. 2016-04-08 2.6 CVE-2016-2513
CONFIRM
CONFIRM
REDHAT
microsoft — windows_10 Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka “Hyper-V Information Disclosure Vulnerability.” 2016-04-12 2.1 CVE-2016-0089
MS
microsoft — windows_10 Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka “Hyper-V Information Disclosure Vulnerability.” 2016-04-12 2.1 CVE-2016-0090
MS
novell — leap The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments. 2016-04-08 2.1 CVE-2015-5969
SUSE
CONFIRM
SUSE
SUSE
SUSE
qemu — qemu The net_checksum_calculate function in net/checksum.c in QEMU allows guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. 2016-04-11 2.1 CVE-2016-2857
MLIST
MLIST
CONFIRM

Back to top

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — creative_cloud_desktop The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspecified vectors. 2016-04-12 not yet calculated CVE-2016-1034
CONFIRM
android — aosp_mail mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185. 2016-04-17 not yet calculated CVE-2016-2425
CONFIRM
CONFIRM
CONFIRM
android — autodiscover exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a GET request, aka internal bug 26488455. 2016-04-17 not yet calculated CVE-2016-2415
CONFIRM
CONFIRM
android — bluetooth The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to bypass intended pairing restrictions via a crafted device, aka internal bug 26551752. 2016-04-17 not yet calculated CVE-2016-0850
CONFIRM
CONFIRM
android — dhcpcd dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634. 2016-04-17 not yet calculated CVE-2016-1503
CONFIRM
CONFIRM
CONFIRM
android — download_manager Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054. 2016-04-17 not yet calculated CVE-2016-0848
CONFIRM
CONFIRM
android — framework server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 26094635. 2016-04-17 not yet calculated CVE-2016-2426
CONFIRM
CONFIRM
android — imemory libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992. 2016-04-17 not yet calculated CVE-2016-0846
CONFIRM
CONFIRM
android — java asn1/cms/GCMParameters.java in the Bouncy Castle Crypto APIs 1.54 for Java, as used in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, has an improper AES-GCM-ICVlen value, which makes it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568. 2016-04-17 not yet calculated CVE-2016-2427
CONFIRM
CONFIRM
CONFIRM
android — libstagefright The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142. 2016-04-17 not yet calculated CVE-2016-0842
CONFIRM
CONFIRM
android — mediaserver An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548. 2016-04-17 not yet calculated CVE-2016-0834
CONFIRM
android — mediaserver decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014. 2016-04-17 not yet calculated CVE-2016-0835
CONFIRM
CONFIRM
CONFIRM
android — mediaserver libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via a dump request, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27046057. 2016-04-17 not yet calculated CVE-2016-2416
CONFIRM
CONFIRM
CONFIRM
android — mediaserver media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455. 2016-04-17 not yet calculated CVE-2016-2419
CONFIRM
CONFIRM
android — mediaserver media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474. 2016-04-17 not yet calculated CVE-2016-2417
CONFIRM
CONFIRM
android — mediaserver media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627. 2016-04-17 not yet calculated CVE-2016-2413
CONFIRM
CONFIRM
android — mediaserver media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358. 2016-04-17 not yet calculated CVE-2016-2418
CONFIRM
CONFIRM
android — mediaserver media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840. 2016-04-17 not yet calculated CVE-2016-0841
CONFIRM
CONFIRM
android — mediaserver MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted media file, aka internal bug 27208621. 2016-04-17 not yet calculated CVE-2016-0837
CONFIRM
CONFIRM
android — mediaserver Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350. 2016-04-17 not yet calculated CVE-2016-0840
CONFIRM
CONFIRM
android — mediaserver post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25753245. 2016-04-17 not yet calculated CVE-2016-0839
CONFIRM
CONFIRM
android — mediaserver Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to arm-wt-22k/lib_src/eas_wtengine.c and arm-wt-22k/lib_src/eas_wtsynth.c, aka internal bug 26366256. 2016-04-17 not yet calculated CVE-2016-0838
CONFIRM
CONFIRM
CONFIRM
android — mediaserver Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590. 2016-04-17 not yet calculated CVE-2016-0836
CONFIRM
CONFIRM
android — qualcomm A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053. 2016-04-17 not yet calculated CVE-2016-2411
CONFIRM
android — qualcomm A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677. 2016-04-17 not yet calculated CVE-2016-2410
CONFIRM
android — qualcomm_arm_processor The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197. 2016-04-17 not yet calculated CVE-2016-0843
CONFIRM
android — qualcomm_rf_driver The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307. 2016-04-17 not yet calculated CVE-2016-0844
CONFIRM
CONFIRM
android — recovery_procedure Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26960931. 2016-04-17 not yet calculated CVE-2016-0849
CONFIRM
CONFIRM
android — rootdir/init.rc rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620. 2016-04-17 not yet calculated CVE-2016-2420
CONFIRM
CONFIRM
CONFIRM
android — setup_wizard Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26154410. 2016-04-17 not yet calculated CVE-2016-2421
CONFIRM
android — skia include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930. 2016-04-17 not yet calculated CVE-2016-2412
CONFIRM
CONFIRM
android — syncstorageengine server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted application, aka internal bug 26513719. 2016-04-17 not yet calculated CVE-2016-2424
CONFIRM
CONFIRM
android — telecom_component The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502. 2016-04-17 not yet calculated CVE-2016-0847
CONFIRM
CONFIRM
CONFIRM
android — telephony server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26303187. 2016-04-17 not yet calculated CVE-2016-2423
CONFIRM
CONFIRM
android — the_minikin_library The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot loop) via a crafted font, aka internal bug 26413177. 2016-04-17 not yet calculated CVE-2016-2414
CONFIRM
CONFIRM
CONFIRM
CONFIRM
android — ti_haptic_kernal_driver A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545. 2016-04-17 not yet calculated CVE-2016-2409
CONFIRM
android — wi-fi Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324357. 2016-04-17 not yet calculated CVE-2016-2422
CONFIRM
CONFIRM
apache — camel-jetty Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. 2016-04-15 not yet calculated CVE-2015-5348
CONFIRM
BUGTRAQ
MISC
CONFIRM
apache — jetspeed Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal. 2016-04-11   CVE-2016-0712
CONFIRM
MLIST
apache — jetspeed Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by “../../webapps/x.jsp.” 2016-04-11 not yet calculated CVE-2016-0709
EXPLOIT-DB
CONFIRM
MLIST
MISC
MISC
MISC
apache — jetspeed Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource. 2016-04-11 not yet calculated CVE-2016-0711
CONFIRM
MLIST
apache — jetspeed Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/. 2016-04-11 not yet calculated CVE-2016-0710
EXPLOIT-DB
CONFIRM
MLIST
MISC
MISC
MISC
apache — ranger Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy. 2016-04-11 not yet calculated CVE-2016-0735
MLIST
apache — ranger The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username. 2016-04-12 not yet calculated CVE-2016-0733
MLIST
CONFIRM
CONFIRM
BID
apache — subversion_mod_dav_svn Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. 2016-04-14 not yet calculated CVE-2015-5343
SECTRACK
DEBIAN
CONFIRM
avast — avast Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing. 2016-04-11 not yet calculated CVE-2016-3986
EXPLOIT-DB
MISC
MISC
big-ip — big-ip F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration. 2016-04-13 not yet calculated CVE-2016-2084
CONFIRM
SECTRACK
big-ip — big-ip The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect. 2016-04-13 not yet calculated CVE-2016-3686
CONFIRM
SECTRACK
big-ip — traffic_management_microkernel_(tmm) The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options, which allows remote attackers to cause a denial of service via unspecified vectors, related to the tm.minpathmtu database variable. 2016-04-11 not yet calculated CVE-2015-8240
CONFIRM
SECTRACK
big-ip_ltm — configuration_utility Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php. 2016-04-12 not yet calculated CVE-2015-8021
CONFIRM
SECTRACK
cacti — auth_login.php auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. 2016-04-13 not yet calculated CVE-2016-2313
CONFIRM
SUSE
SUSE
SUSE
CONFIRM
cacti — graphs_new.php SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. 2016-04-11 not yet calculated CVE-2015-8604
SECTRACK
MLIST
MLIST
FULLDISC
MISC
MISC
cisco — ios Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591. 2016-04-13 not yet calculated CVE-2016-1378
CISCO
cisco — ios Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548. 2016-04-12 not yet calculated CVE-2016-1376
CISCO
cisco — ucs Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. 2016-04-13 not yet calculated CVE-2016-1352
CISCO
cisco — ucs Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832. 2016-04-15 not yet calculated CVE-2016-1339
CISCO
cisco — ucs Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename arguments, aka Bug ID CSCux68837. 2016-04-15 not yet calculated CVE-2016-1340
CISCO
citrix — administration_web_ui_servlets Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2016-04-14 not yet calculated CVE-2015-7999
CONFIRM
claws_mail — codeconv.c Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. 2016-04-11 not yet calculated CVE-2015-8614
CONFIRM
MLIST
MLIST
CONFIRM
SUSE
CONFIRM
dell — openmanage_server_administrator_(omsa) Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a .. (dot dot backslash) in the file parameter to ViewFile. 2016-04-12 not yet calculated CVE-2016-4004
EXPLOIT-DB
drupal — drupal The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files. 2016-04-12 not yet calculated CVE-2016-3162
CONFIRM
MLIST
MLIST
DEBIAN
drupal — drupal The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method. 2016-04-12 not yet calculated CVE-2016-3163
CONFIRM
MLIST
MLIST
DEBIAN
drupal — block_class_module Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the “Administer block classes” permission to inject arbitrary web script or HTML via a class name. 2016-04-15 not yet calculated CVE-2016-3144
MISC
CONFIRM
ec-cube — cyber-will_social-button Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 for EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-04-08   CVE-2016-1180
CONFIRM
CONFIRM
JVNDB
JVN
emc — emc An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname. 2016-04-15 not yet calculated CVE-2016-0889
BUGTRAQ
emc — emc EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application’s failure to detect an RSA signature failure during a TLS session. 2016-04-12 not yet calculated CVE-2016-0887
BUGTRAQ
eset — nod32 Heap-based buffer overflow in the Archive support module in ESET NOD32 before update 11861 allows remote attackers to execute arbitrary code via a large number of languages in an EPOC installation file of type SIS_FILE_MULTILANG. 2016-04-11 not yet calculated CVE-2015-8841
MISC
CONFIRM
MISC
foomatic — foomatic-rip/filters Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. 2016-04-14 not yet calculated CVE-2015-8560
UBUNTU
UBUNTU
MLIST
MLIST
DEBIAN
CONFIRM
CONFIRM
foomatic — rip/filters Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title. 2016-04-15  not yet calculated CVE-2010-5325
CONFIRM
CONFIRM
MLIST
MLIST
REDHAT
CONFIRM
forman — forman Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs. 2016-04-11 not yet calculated CVE-2015-5233
REDHAT
CONFIRM
CONFIRM
foxit_reader — foxit_cloud_update_service The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges by writing crafted data to a shared memory region, which triggers memory corruption. 2016-04-13 not yet calculated CVE-2015-8843
CONFIRM
MISC
freebsd — freebsd Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow. 2016-04-11 not yet calculated CVE-2016-1885
EXPLOIT-DB
FREEBSD
SECTRACK
BUGTRAQ
BUGTRAQ
MISC
FULLDISC
FULLDISC
MISC
giflib — giffix.c Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file. 2016-04-13 not yet calculated CVE-2015-7555
BUGTRAQ
FULLDISC
MISC
FEDORA
git — git-remote-ext The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule. 2016-04-13 not yet calculated CVE-2015-7545
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
UBUNTU
MLIST
MLIST
MLIST
REDHAT
SUSE
google — chrome Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka “Universal XSS (UXSS).” 2016-04-18 not yet calculated CVE-2016-1652
CONFIRM
CONFIRM
CONFIRM
google — chrome fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document. 2016-04-18 not yet calculated CVE-2016-1651
CONFIRM
CONFIRM
MISC
CONFIRM
google — chrome Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension. 2016-04-18 not yet calculated CVE-2016-1655
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2016-04-18 not yet calculated CVE-2016-1659
CONFIRM
CONFIRM
google — chrome The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. 2016-04-18 not yet calculated CVE-2016-1656
CONFIRM
CONFIRM
google — chrome The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. 2016-04-18 not yet calculated CVE-2016-1658
CONFIRM
CONFIRM
CONFIRM
google — chrome The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc. 2016-04-18 not yet calculated CVE-2016-1653
CONFIRM
CONFIRM
CONFIRM
google — chrome The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors. 2016-04-18 not yet calculated CVE-2016-1654
CONFIRM
CONFIRM
google — chrome The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL. 2016-04-18 not yet calculated CVE-2016-1657
CONFIRM
CONFIRM
CONFIRM
hawk — hawk Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service (CPU consumption or partial outage) via a long (1) header or (2) URI that is matched against an improper regular expression. 2016-04-13 not yet calculated CVE-2016-2515
MISC
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
horde_groupware — horde_groupware Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php. 2016-04-13 not yet calculated CVE-2016-2228
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
MLIST
MLIST
FEDORA
FEDORA
CONFIRM
horde_groupware — renderVarInpu Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields. 2016-04-13 not yet calculated CVE-2015-8807
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
MLIST
MLIST
FEDORA
FEDORA
hpe_universal_cmdb_foundation — hpe_universal_cmdb_foundation HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors. 2016-04-12 not yet calculated CVE-2016-2001
HP
huawei — campus_series_switches Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information. 2016-04-14 not yet calculated CVE-2015-8677
CONFIRM
huawei — campus_series_switches Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with software V200R001C00 before V200R001SPH023, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote attackers to cause a denial of service (memory consumption and reboot) via a large number of ICMPv6 packets. 2016-04-14 not yet calculated CVE-2015-8676
CONFIRM
huawei — fusioncompute Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive “role and permission” information via unspecified vectors. 2016-04-14 not yet calculated CVE-2015-8336
CONFIRM
huawei — huawei_utps Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an unspecified directory. 2016-04-13 not yet calculated CVE-2016-2780
CONFIRM
huawei — p8_smartphones The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access. 2016-04-13 not yet calculated CVE-2015-8682
CONFIRM
inspircd — dns.cpp The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a “32” (whitespace) character in a hostname. 2016-04-12 not yet calculated CVE-2015-8702
CONFIRM
CONFIRM
CONFIRM
DEBIAN
ipswitch — moveit_file_transfer Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files. 2016-04-15 not yet calculated CVE-2015-7676
MISC
FULLDISC
MISC
juniper — junos_os Juniper Junos OS 14.1X53 before 14.1X53-D30 on QFX Series switches allows remote attackers to cause a denial of service (PFE panic) via a high rate of unspecified VXLAN packets. 2016-04-15 not yet calculated CVE-2016-1274
CONFIRM
juniper — junos_os Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R9, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R8, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4-S1, 15.1 before 15.1R2, 15.1X49 before 15.1X49-D30, and 16.1 before 16.1R1 allow remote attackers to cause a denial of service (socket consumption) via crafted TCP timestamps. 2016-04-15 not yet calculated CVE-2016-1269
CONFIRM
juniper — junos_os Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D25, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.2 before 14.2R4, 15.1 before 15.1R1 or 15.1F2, and 15.1X49 before 15.1X49-D15 allow local users to gain privileges via crafted combinations of CLI commands and arguments, a different vulnerability than CVE-2015-3003, CVE-2014-3816, and CVE-2014-0615. 2016-04-15 not yet calculated CVE-2016-1271
CONFIRM
juniper — junos_os Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x before 15.1X53-D20 on QFX5100 and QFX10002 switches do not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic encryption and authentication protection mechanisms via unspecified vectors. 2016-04-15 not yet calculated CVE-2016-1273
CONFIRM
juniper — junos_os Race condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 12.3X50 before 12.3X50-D50, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.2X52 before 13.2X52-D30, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4, 15.1 before 15.1F2 or 15.1R2, 15.1X49 before 15.1X49-D10 or 15.1X49-D20, and 16.1 before 16.1R1 allows remote authenticated users to gain privileges via the URL option. 2016-04-15 not yet calculatednot yet calculated CVE-2016-1264
CONFIRM
juniper — junos_os Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R3-S4, 15.1 before 15.1F2, or 15.1R2, 15.1X49 before 15.1X49-D20, and 16.1 before 16.1R1 allows local users to read, delete, or modify arbitrary files via unspecified vectors. 2016-04-15 not yet calculated CVE-2016-1267
CONFIRM
juniper — junos_os The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R6, 14.1 before 14.1R4, and 14.2 before 14.2R2, when configured with BGP-based L2VPN or VPLS, allows remote attackers to cause a denial of service (daemon restart) via a crafted L2VPN family BGP update. 2016-04-15 not yet calculated CVE-2016-1270
CONFIRM
juniper — screenos The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet. 2016-04-15 not yet calculated CVE-2016-1268
CONFIRM
libpng — pngwutil.c Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. 2016-04-14 not yet calculated CVE-2015-8540
BID
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
FEDORA
libssh — libssh libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a “bits/bytes confusion bug.” 2016-04-13 not yet calculated CVE-2016-0739
CONFIRM
CONFIRM
UBUNTU
DEBIAN
REDHAT
FEDORA
FEDORA
libssh — package_cb.c The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet. 2016-04-13 not yet calculated CVE-2015-3146
CONFIRM
CONFIRM
CONFIRM
UBUNTU
DEBIAN
FEDORA
FEDORA
libssh2 — kex.c The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a “bits/bytes confusion bug.” 2016-04-13 not yet calculated CVE-2016-0787
CONFIRM
CONFIRM
DEBIAN
SUSE
FEDORA
FEDORA
libtiff — nextdecode The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif. 2016-04-13 not yet calculated CVE-2014-9655
DEBIAN
MLIST
libtiff — pillow Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. 2016-04-13 not yet calculated CVE-2016-0775
CONFIRM
CONFIRM
DEBIAN
libtiff — pillow Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. 2016-04-13 not yet calculated CVE-2016-0740
CONFIRM
CONFIRM
DEBIAN
libtiff — pillow OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image. 2016-04-13 not yet calculated CVE-2016-0757
CONFIRM
REDHAT
libtiff — tif_getimage.c The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image. 2016-04-13 not yet calculated CVE-2015-8683
MLIST
MLIST
DEBIAN
libtiff — tif_getimage.c tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image. 2016-04-13 not yet calculated CVE-2015-8665
MLIST
MLIST
DEBIAN
libtiff — tif_next.c The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif. 2016-04-13 not yet calculated CVE-2015-8784
CONFIRM
MLIST
MLIST
DEBIAN
CONFIRM
libtiff — tif_next.c The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. 2016-04-13 not yet calculated CVE-2015-1547
DEBIAN
MLIST
MLIST
libvirt — storage/storage_backend_fs.c Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name. 2016-04-11 not yet calculated CVE-2015-5313
MLIST
CONFIRM
FEDORA
CONFIRM
libvirt — virstoragevolcreatexml The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. 2016-04-14 not yet calculated CVE-2015-5247
UBUNTU
CONFIRM
libvirt– networkreloadiptablesrules The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query. 2016-04-14 not yet calculated CVE-2011-4600
CONFIRM
UBUNTU
CONFIRM
CONFIRM
libxml2 — dict.c dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the “<!DOCTYPE html” substring in a crafted HTML document. 2016-04-13 not yet calculated CVE-2015-8806
MISC
BID
MLIST
libxml2 — htmlparser.c The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment. 2016-04-11 not yet calculated CVE-2015-8710
MISC
CONFIRM
CONFIRM
BID
MLIST
MLIST
MLIST
DEBIAN
magento_enterprise_edition — getorderbystatusurlkey The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status. 2016-04-15 not yet calculated CVE-2016-2212
CONFIRM
BUGTRAQ
FULLDISC
MISC
MISC
mcafee — mcafee The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys. 2016-04-08 not yet calculated CVE-2016-3984
EXPLOIT-DB
CONFIRM
SECTRACK
FULLDISC
MISC
mercurial — mercurial Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. 2016-04-13 not yet calculated CVE-2016-3068
CONFIRM
CONFIRM
DEBIAN
SUSE
SUSE
SUSE
FEDORA
FEDORA
mercurial — mercurial Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. 2016-04-13 not yet calculated CVE-2016-3069
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
SUSE
SUSE
SUSE
FEDORA
FEDORA
mercurial — mercurial The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. 2016-04-13 not yet calculated CVE-2016-3630
CONFIRM
CONFIRM
CONFIRM
DEBIAN
SUSE
SUSE
SUSE
FEDORA
FEDORA
mod_auth_mellon — am_read_post The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data. 2016-04-15 not yet calculated CVE-2016-2145
MLIST
CONFIRM
FEDORA
mod_auth_mellon — am_read_post The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data. 2016-04-15 not yet calculated CVE-2016-2146
MLIST
CONFIRM
FEDORA
nvidia — the_escape_interface The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access. 2016-04-12 not yet calculated CVE-2016-2557
CONFIRM
CONFIRM
nvidia — the_escape_interface The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or gain privileges via unspecified vectors related to an untrusted pointer, which trigger uninitialized or out-of-bounds memory access. 2016-04-12 not yet calculated CVE-2016-2558
CONFIRM
CONFIRM
nvidia — the_escape_interface The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors. 2016-04-12 not yet calculated CVE-2016-2556
CONFIRM
CONFIRM
openstack_compute — libvirt_driver The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. 2016-04-12 not yet calculated CVE-2016-2140
CONFIRM
CONFIRM
MLIST
opensuse — opensuse Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with “illegal options.” 2016-04-13 not yet calculated CVE-2016-4007
CONFIRM
SUSE
optipng — bmp_read_rows The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image. 2016-04-13 not yet calculated CVE-2016-2191
CONFIRM
BUGTRAQ
MLIST
DEBIAN
FULLDISC
MISC
optipng — optipng Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file. 2016-04-13 not yet calculated CVE-2016-3981
CONFIRM
DEBIAN
MISC
optipng — optipng Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow. 2016-04-13 not yet calculated CVE-2016-3982
CONFIRM
DEBIAN
MISC
palo_alto_networks — pan-os The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter. 2016-04-12 not yet calculated CVE-2016-3654
CONFIRM
pillow — pillow Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. 2016-04-13 not yet calculated CVE-2016-2533
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
pillow — pillow Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. 2016-04-13 not yet calculated CVE-2016-4009
CONFIRM
CONFIRM
CONFIRM
pixman — pixman-bits-image.c Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values. 2016-04-13 not yet calculated CVE-2014-9766
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
UBUNTU
MLIST
MLIST
pulse — connect_secure The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors. 2016-04-11 not yet calculated CVE-2016-3985
CONFIRM
SECTRACK
qemu — qemu Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command. 2016-04-11 not yet calculated CVE-2016-1568
SECTRACK
MLIST
MLIST
CONFIRM
redis — getnum_function Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. 2016-04-13 not yet calculated CVE-2015-8080
CONFIRM
CONFIRM
MISC
MLIST
MLIST
DEBIAN
REDHAT
REDHAT
redmine — app/controllers/application_controller.rb Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by “@attacker.com,” a different vulnerability than CVE-2014-1985. 2016-04-12 not yet calculated CVE-2015-8474
CONFIRM
CONFIRM
BID
CONFIRM
DEBIAN
redmine — app/views/journals/index.builder app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed. 2016-04-12 not yet calculated CVE-2015-8537
CONFIRM
CONFIRM
DEBIAN
redmine — app/views/timelog/_form.html.erb app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form. 2016-04-12 not yet calculated CVE-2015-8346
CONFIRM
CONFIRM
CONFIRM
DEBIAN
redmine — issues_api The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects. 2016-04-12 not yet calculated CVE-2015-8473
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BID
DEBIAN
red_hat — satellite Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do. 2016-04-14 not yet calculated CVE-2016-2103
CONFIRM
REDHAT
red_hat — spacewalk/red_hat_satellite Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM). 2016-04-14 not yet calculated CVE-2016-3079
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
REDHAT
red_hat_cloudforms — postgresql_database Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files. 2016-04-11 not yet calculated CVE-2015-7502
CONFIRM
REDHAT
REDHAT
roundup — schema.py schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details. 2016-04-13 not yet calculated CVE-2014-6276
CONFIRM
DEBIAN
CONFIRM
saltstack — salt_2015 Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream. 2016-04-12 not yet calculated CVE-2016-1866
CONFIRM
SUSE
sap — netweaver_java_as The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. 2016-04-14 not yet calculated CVE-2016-4015
MISC
MISC
sap — netweaver_java_as XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service via a crafted XML request, aka SAP Security Note 2254389. 2016-04-14 not yet calculated CVE-2016-4014
MISC
MISC
sap — sap_hana The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710. 2016-04-14 not yet calculated CVE-2016-4017
MISC
sap — sap_hana The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742. 2016-04-14 not yet calculated CVE-2016-4018
MISC
sap — sap_manufacturing_integration_and_intelligence_(mii) Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) allows remote attackers to inject arbitrary web script or HTML via vectors related to UR Control, aka SAP Security Note 2201295. 2016-04-14 not yet calculated CVE-2016-4016
MISC
MISC
spacewalk_and_red_hat_satellite — spacewalk-java Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811. 2016-04-14 not yet calculated CVE-2015-0284
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
REDHAT
trend_micro — password_manager The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. 2016-04-11 not yet calculated CVE-2016-3987
EXPLOIT-DB
MISC
SECTRACK
MISC
CONFIRM
tripleo_heat — tripleo-heat-templates The TripleO Heat templates (tripleo-heat-templates) does not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors. 2016-04-15 not yet calculated CVE-2015-5271
CONFIRM
CONFIRM
CONFIRM
REDHAT
tripleo_heat — tripleo-heat-templates The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter. 2016-04-11 not yet calculated CVE-2015-5303
CONFIRM
REDHAT
trytond — model/modelstorage.py model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records. 2016-04-13 not yet calculated CVE-2015-0861
CONFIRM
CONFIRM
DEBIAN
vmware — vcenter_server Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site. 2016-04-15 not yet calculated CVE-2016-2076
CONFIRM
xen — xen Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a “write path.” 2016-04-14 not yet calculated CVE-2015-8554
CONFIRM
SECTRACK
BID
CONFIRM
xen — xen The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. 2016-04-13 not yet calculated CVE-2016-3159
CONFIRM
CONFIRM
SECTRACK
FEDORA
FEDORA
xen — xen The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka “Linux pciback missing sanity checks.” 2016-04-13 not yet calculated CVE-2015-8552
CONFIRM
SECTRACK
BID
xen — xen The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka “Linux pciback missing sanity checks.” 2016-04-13 not yet calculated CVE-2015-8551
CONFIRM
SECTRACK
BID
xen — xen The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. 2016-04-13 not yet calculated CVE-2016-3158
CONFIRM
CONFIRM
CONFIRM
SECTRACK
FEDORA
FEDORA
xen — xen The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows guest local OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access. 2016-04-12 not yet calculated CVE-2016-3157
CONFIRM
xen — xen Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777. 2016-04-13 not yet calculated CVE-2015-8553
CONFIRM
xen — xen Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability. 2016-04-14 not yet calculated CVE-2015-8550
CONFIRM
SECTRACK
BID
xen — xsave/xrstor Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors. 2016-04-13 not yet calculated CVE-2015-8555
CONFIRM
SECTRACK
BID
CONFIRM
xen_linux_kernel — xen_linux_kernel Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. 2016-04-15 not yet calculated CVE-2016-3961
CONFIRM
CONFIRM
SECTRACK
xymon — xymon lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue. 2016-04-13 not yet calculated CVE-2016-2057
CONFIRM
BUGTRAQ
DEBIAN
MISC
xymon — xymon Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a “config” command. 2016-04-13   CVE-2016-2054
CONFIRM
CONFIRM
BUGTRAQ
DEBIAN
MISC
MLIST
xymon — xymon Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the “detailed status” page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the “status” page. 2016-04-13 not yet calculated CVE-2016-2058
CONFIRM
BUGTRAQ
DEBIAN
MISC
xymon — xymon xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c. 2016-04-13 not yet calculated CVE-2016-2056
CONFIRM
BUGTRAQ
DEBIAN
MISC
xymon — xymon xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a “config” command. 2016-04-13 not yet calculated CVE-2016-2055
CONFIRM
BUGTRAQ
DEBIAN
MISC

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

VMWare Releases Security Updates

Original release date: April 14, 2016

VMware has released security updates to address a vulnerability in vCenter Server, vCloud Director, vRealize Automation Identity Appliance, and the Client Integration Plugin. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information.

Users and administrators are encouraged to review VMware Security Advisory VMSA-2016-0004 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.

TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced

Original release date: April 14, 2016

Systems Affected

Microsoft Windows with Apple QuickTime installed

Overview

According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation. [1]

Description

All software products have a lifecycle. Apple will no longer be providing security updates for QuickTime for Windows. [1]

The Zero Day Initiative has issued advisories for two vulnerabilities found in QuickTime for Windows. [2] [3]

Impact

Computer systems running unsupported software are exposed to elevated cybersecurity dangers, such as increased risks of malicious attacks or electronic data loss. Exploitation of QuickTime for Windows vulnerabilities could allow remote attackers to take control of affected systems.

Solution

Computers running QuickTime for Windows will continue to work after support ends. However, using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows. Users can find instructions for uninstalling QuickTime for Windows on the Apple Uninstall QuickTime page. [4]

References

Revision History

  • April 14, 2016: Initial Release

This product is provided subject to this Notification and this Privacy & Use policy.

IRS Warns Taxpayers About Scams as Tax Deadline Approaches

Original release date: April 13, 2016

The Internal Revenue Service (IRS) has issued a press release to warn of a potential increase in scams targeting taxpayers around the April 18 tax deadline. Before and after the deadline, scammers may tempt or pressure taxpayers into revealing personal information. US-CERT and IRS recommend taxpayers prepare for heightened risk this tax season and remain vigilant year-round.

US-CERT encourages users and administrators to review the IRS news release for details and refer to US-CERT Security Tip ST15-001 for information on tax-themed phishing attacks.


This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Update for Chrome

Original release date: April 13, 2016

Google has released Chrome version 50.0.2661.75 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Update

Original release date: April 13, 2016

Cisco has released a security update to address a vulnerability in its Cisco Unified Computing System (UCS) Central Software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.

Samba Security Updates Address Badlock Vulnerabilities

Original release date: April 12, 2016

The Samba Team has released security updates that address vulnerabilities, collectively known as Badlock, affecting both Windows operating systems and Samba in UNIX-like platforms. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system or create a denial-of-service condition.

Users and administrators are encouraged to review Samba Release News and Vulnerability Note VU#813296 for more information and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.