Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

FTC Releases Alert on Louisiana Flood Disaster Scams

Original release date: August 23, 2016

The Federal Trade Commission (FTC) has released an alert on scams that cite the recent flood disaster in Louisiana. These charity scams take many forms, including emails containing links or attachments that direct users to phishing or malware-infected websites. Donation requests from fraudulent charitable organizations commonly appear after major natural disasters.

US-CERT encourages users to take the following measures to protect themselves:

  • Review the FTC alert and its information on Charity Scams.
  • Do not follow unsolicited web links or open unsolicited attachments in email messages.
  • Keep antivirus and other computer software up-to-date.
  • Check this Better Business Bureau (BBB) list for helping Louisiana flood victims before making any donations to this cause.
  • Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. You can find trusted contact information for many charities on the BBB National Charity Report Index.
  • Refer to Security Tip ST04-014 – Avoiding Social Engineering and Phishing Attacks – for more information on social engineering attacks.

This product is provided subject to this Notification and this Privacy & Use policy.

Fortinet Releases Security Advisory

Original release date: August 22, 2016

Fortinet has released a security advisory to highlight a vulnerability in versions of FortiGate firmware that were released before August 2012. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. Using unpatched software increases risks from viruses and other security threats, and attackers may target vulnerabilities for months or even years after patches are available.

US-CERT encourages users and administrators to review the Fortinet Advisory and apply the necessary update. See US-CERT Security Tip on Understanding Patches for more information.



SB16-235: Vulnerability Summary for the Week of August 15, 2016

Original release date: August 22, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apple — iphone_os IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2016-08-18 9.3 CVE-2016-4654
CONFIRM
cisco — application_policy_infrastructure_controller_enterprise_module The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507. 2016-08-18 8.5 CVE-2016-1365
CISCO
cisco — firepower_management_center The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. 2016-08-18 9.0 CVE-2016-1457
CISCO
cisco — firepower_management_center The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483. 2016-08-18 9.0 CVE-2016-1458
CISCO
cisco — adaptive_security_appliance_software Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON. 2016-08-18 8.5 CVE-2016-6366
CONFIRM
CISCO
CONFIRM


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — adaptive_security_appliance_software Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. 2016-08-18 6.8 CVE-2016-6367
CONFIRM
CISCO
CONFIRM
fontconfig_project — fontconfig fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. 2016-08-12 4.6 CVE-2016-5384
DEBIAN
CONFIRM
FEDORA
MLIST
sap — sapcar_archive_tool SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384. 2016-08-12 4.4 CVE-2016-5847
MISC
FULLDISC
BUGTRAQ
BID
MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
sap — sapcar_archive_tool SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905. 2016-08-12 2.1 CVE-2016-5845
MISC
FULLDISC
BUGTRAQ
BID
MISC
MISC


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — sentry Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions. 2016-08-19 Not yet calculated CVE-2016-0760
MLIST
BID
apache — swf_panel Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter. 2016-08-19 Not yet calculated CVE-2016-3089
CONFIRM
BUGTRAQ
CONFIRM
citrix — xenapp_6 Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission. 2016-08-19 Not yet calculated CVE-2016-6493
CONFIRM
BID
SECTRACK
ubuntu — libdbd_mysql_perl Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login. 2016-08-19 Not yet calculated CVE-2015-8949
DEBIAN
MLIST
MLIST
MISC
CONFIRM
CONFIRM
CONFIRM
f5_big_ip_ltm — configuration_utility The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF16 and 11.3.0; and BIG-IP PSM 11.x before 11.2.1 HF16, 11.3.x, and 11.4.x before 11.4.1 HF10 allows remote authenticated users with certain permissions to gain privileges by leveraging an Access Policy Manager customization configuration section that allows file uploads. 2016-08-19 Not yet calculated CVE-2015-8022
SECTRACK
CONFIRM
f5_big_ip_ltm — ipsec_ike The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 11.4.0 through 11.4.1 improperly enables the anonymous IPsec IKE peer configuration object, which allows remote attackers to establish an IKE Phase 1 negotiation and possibly conduct brute-force attacks against Phase 2 negotiations via unspecified vectors. 2016-08-19 Not yet calculated CVE-2016-5736
SECTRACK
CONFIRM
foreman — api_host Foreman before 1.11.4 and 1.12.x before 1.12.1 allows remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath “hosts,” as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces. 2016-08-19 Not yet calculated CVE-2016-5390
CONFIRM
BID
CONFIRM
CONFIRM
foreman — app_assets_javascripts_host_edit_interfaces_js Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form. 2016-08-19 Not yet calculated CVE-2016-6320
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
foreman — app_helpers_form_helper_rb Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter. 2016-08-19 Not yet calculated CVE-2016-6319
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
foreman — information_disclosure Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname. 2016-08-19 Not yet calculated CVE-2016-4995
CONFIRM
CONFIRM
CONFIRM
foreman — organization_locations_apis The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization. 2016-08-19 Not yet calculated CVE-2016-4451
CONFIRM
CONFIRM
CONFIRM
foreman — organization_locations_apis_uis The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors. 2016-08-19 Not yet calculated CVE-2016-4475
CONFIRM
CONFIRM
BID
CONFIRM
fortinet — fortimanager Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-08-19 Not yet calculated CVE-2016-3195
CONFIRM
fortinet — fortimanager Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2016-08-19 Not yet calculated CVE-2016-3193
CONFIRM
fortinet — fortimanager_5x Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-08-19 Not yet calculated CVE-2016-3194
CONFIRM
heap-based_buffer — parse_packet function Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet. 2016-08-19 Not yet calculated CVE-2016-6254
CONFIRM
DEBIAN
CONFIRM
ubuntu — libdbd_mysql_perl Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection. 2016-08-19 Not yet calculated CVE-2014-9906
CONFIRM
DEBIAN
MLIST
MLIST
CONFIRM
CONFIRM


Cisco Releases Security Updates

Original release date: August 20, 2016

Cisco has released security updates to address vulnerabilities in several products. Exploitation of some of these vulnerabilities could allow an unauthenticated remote attacker to take control of an affected system.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:



SB16-228: Vulnerability Summary for the Week of August 8, 2016

Original release date: August 15, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — rv110w_wireless-n_vpn_firewall_firmware The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567. 2016-08-07 7.2 CVE-2015-6396
CISCO
cisco — rv110w_wireless-n_vpn_firewall_firmware Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557. 2016-08-07 9.0 CVE-2015-6397
CISCO
cisco — rv180_vpn_router_firmware Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023. 2016-08-07 7.8 CVE-2016-1429
CISCO
cisco — rv180_vpn_router_firmware Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592. 2016-08-07 9.0 CVE-2016-1430
CISCO
cisco — unified_communications_manager_im_and_presence_service Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID CSCva39072. 2016-08-07 7.8 CVE-2016-1466
CISCO
cisco — ios Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many crafted NTP packets, aka Bug ID CSCva35619. 2016-08-07 7.8 CVE-2016-1478
CISCO
dashbuilder_project — dashbuilder SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI. 2016-08-05 7.5 CVE-2016-4999
BID
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
google — android Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470. 2016-08-06 9.3 CVE-2014-9863
CONFIRM
CONFIRM
google — android drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841. 2016-08-06 9.3 CVE-2014-9864
CONFIRM
CONFIRM
google — android drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013. 2016-08-06 9.3 CVE-2014-9865
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358. 2016-08-06 9.3 CVE-2014-9866
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702. 2016-08-06 9.3 CVE-2014-9867
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualcomm internal bug CR514711. 2016-08-06 9.3 CVE-2014-9869
CONFIRM
CONFIRM
CONFIRM
google — android The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044. 2016-08-06 9.3 CVE-2014-9870
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — android Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR514717. 2016-08-06 9.3 CVE-2014-9871
CONFIRM
CONFIRM
google — android drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633. 2016-08-06 9.3 CVE-2014-9887
CONFIRM
CONFIRM
google — android Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177. 2016-08-06 9.3 CVE-2014-9890
CONFIRM
CONFIRM
google — android drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and Qualcomm internal bug CR550061. 2016-08-06 9.3 CVE-2014-9891
CONFIRM
CONFIRM
google — android The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. 2016-08-05 7.8 CVE-2014-9901
CONFIRM
CONFIRM
google — android Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941. 2016-08-05 10.0 CVE-2014-9902
CONFIRM
CONFIRM
google — android The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022. 2016-08-06 9.3 CVE-2015-8938
CONFIRM
CONFIRM
google — android drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021. 2016-08-06 9.3 CVE-2015-8939
CONFIRM
CONFIRM
google — android Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367. 2016-08-06 9.3 CVE-2015-8940
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473. 2016-08-06 9.3 CVE-2015-8941
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246. 2016-08-06 9.3 CVE-2015-8942
CONFIRM
CONFIRM
google — android services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489. 2016-08-05 7.5 CVE-2016-2497
CONFIRM
CONFIRM
google — android Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28533562. 2016-08-05 7.5 CVE-2016-3819
CONFIRM
CONFIRM
google — android The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410. 2016-08-05 7.5 CVE-2016-3820
CONFIRM
CONFIRM
google — android libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152. 2016-08-05 7.5 CVE-2016-3821
CONFIRM
CONFIRM
google — android exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315. 2016-08-05 7.5 CVE-2016-3822
CONFIRM
CONFIRM
google — android codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956. 2016-08-05 7.1 CVE-2016-3827
CONFIRM
CONFIRM
google — android decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995. 2016-08-05 7.1 CVE-2016-3828
CONFIRM
CONFIRM
google — android The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29023649. 2016-08-05 7.1 CVE-2016-3829
CONFIRM
CONFIRM
google — android codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599. 2016-08-05 7.1 CVE-2016-3830
CONFIRM
CONFIRM
google — android The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098. 2016-08-05 8.3 CVE-2016-3832
CONFIRM
CONFIRM
google — android The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712. 2016-08-05 9.3 CVE-2016-3833
CONFIRM
CONFIRM
CONFIRM
google — android Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153. 2016-08-05 10.0 CVE-2016-3840
CONFIRM
CONFIRM
google — android The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. 2016-08-06 7.2 CVE-2016-3841
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — android The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974. 2016-08-05 9.3 CVE-2016-3842
CONFIRM
google — android Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071. 2016-08-05 9.3 CVE-2016-3843
CONFIRM
google — android mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517. 2016-08-05 9.3 CVE-2016-3844
CONFIRM
google — android The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876. 2016-08-05 9.3 CVE-2016-3845
CONFIRM
google — android The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378. 2016-08-05 7.6 CVE-2016-3846
CONFIRM
google — android The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28919417. 2016-08-05 7.6 CVE-2016-3848
CONFIRM
google — android The LG Electronics bootloader in Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941. 2016-08-05 9.3 CVE-2016-3851
CONFIRM
google — android The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518. 2016-08-05 9.3 CVE-2016-3857
CONFIRM
google — chrome Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data. 2016-08-07 7.5 CVE-2016-5140
CONFIRM
CONFIRM
CONFIRM
google — chrome The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp. 2016-08-07 7.5 CVE-2016-5142
CONFIRM
CONFIRM
CONFIRM
google — chrome The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144. 2016-08-07 7.5 CVE-2016-5143
CONFIRM
CONFIRM
CONFIRM
google — chrome The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143. 2016-08-07 7.5 CVE-2016-5144
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2016-08-07 7.5 CVE-2016-5146
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
haxx — libcurl Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. 2016-08-10 7.5 CVE-2016-5421
DEBIAN
MISC
ibm — qradar_security_information_and_event_manager IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors. 2016-08-07 9.0 CVE-2016-2875
CONFIRM
juniper — junos Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X48 before 12.3X48-D25, and 15.1X49 before 15.1X49-D40 on a High-End SRX-Series chassis system with one or more Application Layer Gateways (ALGs) enabled allow remote attackers to cause a denial of service (CPU consumption, fab link failure, or flip-flop failovers) via vectors related to in-transit traffic matching ALG rules. 2016-08-05 7.1 CVE-2016-1276
CONFIRM
SECTRACK
linux — linux_kernel The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call. 2016-08-07 7.2 CVE-2014-9410
CONFIRM
linux — linux_kernel arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735. 2016-08-06 7.2 CVE-2014-9888
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call. 2016-08-07 7.2 CVE-2015-0568
CONFIRM
linux — linux_kernel drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via a crafted application that makes a TSC_GET_CARD_STATUS ioctl call. 2016-08-07 10.0 CVE-2015-0573
CONFIRM
CONFIRM
linux — linux_kernel Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application that sends a large amount of data through the debugfs interface. 2016-08-07 10.0 CVE-2016-2063
CONFIRM
CONFIRM
linux — linux_kernel sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted application that makes an ioctl call specifying many commands. 2016-08-07 7.2 CVE-2016-2064
CONFIRM
CONFIRM
linux — linux_kernel sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer. 2016-08-07 10.0 CVE-2016-2065
CONFIRM
CONFIRM
linux — linux_kernel The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name. 2016-08-07 7.2 CVE-2016-5340
CONFIRM
CONFIRM
linux — linux_kernel The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook. 2016-08-06 7.2 CVE-2016-6187
CONFIRM
MLIST
CONFIRM
MLIST
CONFIRM
CONFIRM
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3290. 2016-08-09 7.6 CVE-2016-3288
MS
microsoft — edge Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3322. 2016-08-09 7.6 CVE-2016-3289
MS
MS
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3288. 2016-08-09 7.6 CVE-2016-3290
MS
microsoft — edge Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka “Microsoft Browser Memory Corruption Vulnerability.” 2016-08-09 7.6 CVE-2016-3293
MS
MS
microsoft — edge The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability.” 2016-08-09 7.6 CVE-2016-3296
MS
microsoft — windows_8.1 The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 improperly establishes secure communications channels, which allows local users to gain privileges by leveraging access to a domain-joined machine, aka “Netlogon Elevation of Privilege Vulnerability.” 2016-08-09 7.2 CVE-2016-3300
MS
microsoft — live_meeting The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka “Windows Graphics Component RCE Vulnerability.” 2016-08-09 9.3 CVE-2016-3301
MS
microsoft — live_meeting The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka “Windows Graphics Component RCE Vulnerability,” a different vulnerability than CVE-2016-3304. 2016-08-09 9.3 CVE-2016-3303
MS
microsoft — live_meeting The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka “Windows Graphics Component RCE Vulnerability,” a different vulnerability than CVE-2016-3303. 2016-08-09 9.3 CVE-2016-3304
MS
microsoft — windows_10 The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-3309, CVE-2016-3310, and CVE-2016-3311. 2016-08-09 7.2 CVE-2016-3308
MS
microsoft — windows_10 The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311. 2016-08-09 7.2 CVE-2016-3309
MS
microsoft — windows_10 The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-3308, CVE-2016-3309, and CVE-2016-3311. 2016-08-09 7.2 CVE-2016-3310
MS
microsoft — windows_10 The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-3308, CVE-2016-3309, and CVE-2016-3310. 2016-08-09 7.2 CVE-2016-3311
MS
microsoft — office Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-08-09 9.3 CVE-2016-3313
MS
microsoft — word Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-08-09 9.3 CVE-2016-3316
MS
microsoft — office Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-08-09 9.3 CVE-2016-3317
MS
microsoft — office Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted file, aka “Graphics Component Memory Corruption Vulnerability.” 2016-08-09 9.3 CVE-2016-3318
MS
microsoft — edge The PDF library in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka “Microsoft PDF Remote Code Execution Vulnerability.” 2016-08-09 9.3 CVE-2016-3319
MS
MS
microsoft — edge Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3289. 2016-08-09 7.6 CVE-2016-3322
MS
MS
moxa — softcms SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. 2016-08-07 7.5 CVE-2016-5792
MISC
mozilla — netscape_portable_runtime Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function. 2016-08-07 7.5 CVE-2016-1951
CONFIRM
MLIST
CONFIRM
openbsd — openssh The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. 2016-08-07 7.8 CVE-2016-6515
MLIST
CONFIRM
php — php Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class. 2016-08-07 7.5 CVE-2016-3078
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php — php Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index. 2016-08-07 7.5 CVE-2016-3132
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php — php The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call. 2016-08-07 7.5 CVE-2016-5093
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function. 2016-08-07 7.5 CVE-2016-5094
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-5094. 2016-08-07 7.5 CVE-2016-5095
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument. 2016-08-07 7.5 CVE-2016-5096
CONFIRM
MLIST
CONFIRM
CONFIRM
php — php Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception. 2016-08-07 7.5 CVE-2016-5768
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
php — php Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions. 2016-08-07 7.5 CVE-2016-5769
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
php — php Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096. 2016-08-07 7.5 CVE-2016-5770
CONFIRM
CONFIRM
MLIST
CONFIRM
php — php spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. 2016-08-07 7.5 CVE-2016-5771
CONFIRM
CONFIRM
MLIST
CONFIRM
php — php Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call. 2016-08-07 7.5 CVE-2016-5772
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
php — php php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object. 2016-08-07 7.5 CVE-2016-5773
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
redhat — enterprise_linux_server Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051. 2016-08-10 7.5 CVE-2016-5408
REDHAT
sap — hana The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550. 2016-08-05 7.5 CVE-2016-6150
BID
MISC
MISC
siemens — sinema_server Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors. 2016-08-07 7.2 CVE-2016-6486
CONFIRM
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — experience_manager Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-08-09 4.3 CVE-2016-4168
CONFIRM
adobe — experience_manager Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors. 2016-08-09 5.0 CVE-2016-4169
CONFIRM
adobe — experience_manager Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-08-09 4.3 CVE-2016-4170
CONFIRM
adobe — experience_manager The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors. 2016-08-09 5.0 CVE-2016-4253
CONFIRM
cisco — telepresence_video_communication_server The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531. 2016-08-07 6.5 CVE-2016-1468
CISCO
cisco — prime_infrastructure Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a “cross-frame scripting (XFS)” issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434. 2016-08-07 4.3 CVE-2016-1474
CISCO
debian — debian_linux The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. 2016-08-06 4.6 CVE-2016-3070
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976. 2016-08-06 6.9 CVE-2014-9868
CONFIRM
CONFIRM
google — android The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721. 2016-08-06 6.8 CVE-2014-9872
CONFIRM
CONFIRM
google — android Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860. 2016-08-06 6.8 CVE-2014-9873
CONFIRM
CONFIRM
google — android Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and Qualcomm internal bug CR563086. 2016-08-06 6.8 CVE-2014-9874
CONFIRM
CONFIRM
google — android drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310. 2016-08-06 6.8 CVE-2014-9875
CONFIRM
CONFIRM
google — android drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408. 2016-08-06 6.8 CVE-2014-9876
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28768281 and Qualcomm internal bug CR547231. 2016-08-06 6.8 CVE-2014-9877
CONFIRM
CONFIRM
google — android drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479. 2016-08-06 6.8 CVE-2014-9878
CONFIRM
CONFIRM
google — android The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490. 2016-08-06 6.8 CVE-2014-9879
CONFIRM
CONFIRM
google — android drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356. 2016-08-06 6.8 CVE-2014-9880
CONFIRM
CONFIRM
google — android drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android internal bug 28769368 and Qualcomm internal bug CR539008. 2016-08-06 6.8 CVE-2014-9881
CONFIRM
CONFIRM
google — android Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329. 2016-08-06 6.8 CVE-2014-9882
CONFIRM
CONFIRM
CONFIRM
google — android Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160. 2016-08-06 6.8 CVE-2014-9883
CONFIRM
CONFIRM
google — android drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740. 2016-08-06 6.8 CVE-2014-9884
CONFIRM
CONFIRM
google — android Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261. 2016-08-06 6.8 CVE-2014-9885
CONFIRM
CONFIRM
google — android arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030. 2016-08-06 6.8 CVE-2014-9886
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712. 2016-08-06 6.8 CVE-2014-9889
CONFIRM
CONFIRM
google — android The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717. 2016-08-06 4.3 CVE-2014-9892
CONFIRM
CONFIRM
google — android drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm internal bug CR542223. 2016-08-06 4.3 CVE-2014-9893
CONFIRM
CONFIRM
google — android drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736. 2016-08-06 4.3 CVE-2014-9894
CONFIRM
CONFIRM
google — android drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739. 2016-08-06 4.3 CVE-2014-9895
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — android drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795. 2016-08-06 4.3 CVE-2014-9896
CONFIRM
CONFIRM
google — android sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bug CR563752. 2016-08-06 4.3 CVE-2014-9897
CONFIRM
CONFIRM
google — android arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575. 2016-08-06 4.3 CVE-2014-9898
CONFIRM
CONFIRM
google — android drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and Qualcomm internal bug CR547910. 2016-08-06 4.3 CVE-2014-9899
CONFIRM
CONFIRM
google — android The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754. 2016-08-06 4.3 CVE-2014-9900
CONFIRM
CONFIRM
google — android packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350. 2016-08-07 5.0 CVE-2015-3854
FULLDISC
FULLDISC
CONFIRM
google — android drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548. 2016-08-06 6.8 CVE-2015-8937
CONFIRM
CONFIRM
google — android drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226. 2016-08-06 6.8 CVE-2015-8943
CONFIRM
CONFIRM
google — android The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts. 2016-08-06 4.3 CVE-2015-8944
CONFIRM
MLIST
CONFIRM
google — android The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974. 2016-08-05 6.9 CVE-2016-2504
CONFIRM
google — android The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329. 2016-08-05 4.6 CVE-2016-3823
CONFIRM
CONFIRM
google — android omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827. 2016-08-05 4.6 CVE-2016-3824
CONFIRM
CONFIRM
google — android mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964. 2016-08-05 4.6 CVE-2016-3825
CONFIRM
CONFIRM
google — android services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug 29251553. 2016-08-05 4.6 CVE-2016-3826
CONFIRM
CONFIRM
google — android The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a “Year 2038 problem.” 2016-08-05 5.0 CVE-2016-3831
CONFIRM
CONFIRM
google — android The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701. 2016-08-05 4.3 CVE-2016-3834
CONFIRM
CONFIRM
google — android The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116. 2016-08-05 4.3 CVE-2016-3835
CONFIRM
CONFIRM
google — android The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402. 2016-08-05 4.3 CVE-2016-3836
CONFIRM
CONFIRM
google — android service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application that provides a MAC address with too few characters, aka internal bug 28164077. 2016-08-05 4.3 CVE-2016-3837
CONFIRM
CONFIRM
google — android Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672. 2016-08-05 4.3 CVE-2016-3838
CONFIRM
CONFIRM
google — android Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug 28885210. 2016-08-05 4.3 CVE-2016-3839
CONFIRM
CONFIRM
google — android The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433. 2016-08-05 6.9 CVE-2016-3847
CONFIRM
google — android The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740. 2016-08-05 6.9 CVE-2016-3849
CONFIRM
google — android Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug CR945164. 2016-08-05 6.9 CVE-2016-3850
CONFIRM
CONFIRM
google — android The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738. 2016-08-05 4.3 CVE-2016-3852
CONFIRM
google — android Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208. 2016-08-05 4.9 CVE-2016-3853
CONFIRM
google — android drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR897326. 2016-08-06 6.8 CVE-2016-3854
CONFIRM
CONFIRM
google — android drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR990824. 2016-08-06 6.8 CVE-2016-3855
CONFIRM
CONFIRM
google — android netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631. 2016-08-06 6.8 CVE-2016-3856
CONFIRM
CONFIRM
CONFIRM
google — chrome Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. 2016-08-07 6.8 CVE-2016-5139
CONFIRM
CONFIRM
CONFIRM
google — chrome Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp. 2016-08-07 5.0 CVE-2016-5141
CONFIRM
CONFIRM
CONFIRM
google — chrome Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. 2016-08-07 6.8 CVE-2016-5145
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
haxx — libcurl curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. 2016-08-10 5.0 CVE-2016-5419
DEBIAN
MISC
haxx — libcurl curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. 2016-08-10 5.0 CVE-2016-5420
DEBIAN
MISC
hp — release_control HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors. 2016-08-07 4.0 CVE-2016-4374
CONFIRM
ibm — aix IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. 2016-08-07 4.3 CVE-2016-0266
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
CONFIRM
ibm — vios The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets. 2016-08-07 4.3 CVE-2016-0281
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — general_parallel_file_system IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by discovering ADMIN passwords. 2016-08-07 4.0 CVE-2016-0361
CONFIRM
ibm — rational_publishing_engine Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension. 2016-08-07 5.5 CVE-2016-2914
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages. 2016-08-07 4.3 CVE-2016-2960
AIXAPAR
CONFIRM
ibm — connections_portlets Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2016-08-07 5.8 CVE-2016-2989
CONFIRM
ibm — filenet_workplace Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2016-08-07 4.9 CVE-2016-5878
CONFIRM
juniper — junos Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to “safe mode” authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the “request system software” command with the “partition” option. 2016-08-05 6.9 CVE-2016-1278
CONFIRM
BID
SECTRACK
libgd — libgd gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function. 2016-08-07 6.8 CVE-2013-7456
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
libgd — libgd gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name. 2016-08-07 6.4 CVE-2016-5116
DEBIAN
MLIST
CONFIRM
CONFIRM
libgd — libgd Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. 2016-08-07 6.8 CVE-2016-5766
CONFIRM
CONFIRM
CONFIRM
DEBIAN
MLIST
CONFIRM
CONFIRM
libgd — libgd Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted image dimensions. 2016-08-07 6.8 CVE-2016-5767
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
libgd — libgd The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index. 2016-08-07 5.0 CVE-2016-6128
DEBIAN
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
libgd — libgd The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. 2016-08-12 4.3 CVE-2016-6132
DEBIAN
MLIST
MLIST
BID
CONFIRM
CONFIRM
libgd — libgd The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. 2016-08-12 4.3 CVE-2016-6161
DEBIAN
MLIST
MLIST
CONFIRM
libgd — libgd Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors. 2016-08-12 4.3 CVE-2016-6207
MISC
DEBIAN
BUGTRAQ
SECTRACK
CONFIRM
CONFIRM
MISC
libgd — libgd gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. 2016-08-12 4.3 CVE-2016-6214
DEBIAN
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations. 2016-08-06 4.9 CVE-2016-5400
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack. 2016-08-06 4.3 CVE-2016-5696
CONFIRM
MLIST
MISC
CONFIRM
CONFIRM
linux — linux_kernel net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via certain IPv6 socket operations. 2016-08-06 4.6 CVE-2016-6162
MLIST
CONFIRM
linux — linux_kernel fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink. 2016-08-06 4.9 CVE-2016-6197
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c. 2016-08-06 4.9 CVE-2016-6198
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a “double fetch” vulnerability. 2016-08-06 4.7 CVE-2016-6480
BUGTRAQ
CONFIRM
linux — linux_kernel Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a “double fetch” vulnerability. 2016-08-06 4.4 CVE-2016-6516
CONFIRM
MLIST
CONFIRM
CONFIRM
microsoft — windows_10 Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows man-in-the-middle attackers to bypass authentication via vectors related to a fallback to NTLM authentication during a domain account password change, aka “Kerberos Security Feature Bypass Vulnerability.” 2016-08-09 6.9 CVE-2016-3237
MS
microsoft — windows_10 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hijack network traffic or bypass intended Enhanced Protected Mode (EPM) or application container protection mechanisms, and consequently render untrusted content in a browser, by leveraging how NetBIOS validates responses, aka “NetBIOS Spoofing Vulnerability.” 2016-08-09 4.3 CVE-2016-3299
MS
microsoft — windows_10 ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka “Universal Outlook Information Disclosure Vulnerability.” 2016-08-09 5.0 CVE-2016-3312
MS
microsoft — onenote Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka “Microsoft OneNote Information Disclosure Vulnerability.” 2016-08-09 4.3 CVE-2016-3315
MS
microsoft — windows_10 Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka “Secure Boot Security Feature Bypass.” 2016-08-09 4.0 CVE-2016-3320
MS
php — php The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function. 2016-08-07 4.3 CVE-2015-8935
MLIST
CONFIRM
CONFIRM
php — php sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging. 2016-08-07 6.4 CVE-2016-5114
CONFIRM
CONFIRM
CONFIRM
MLIST
MISC
CONFIRM
sap — hana The SQL interface in SAP HANA provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as “False,” which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869. 2016-08-05 5.0 CVE-2016-6145
MISC
MISC
sophos — mobile_control_eas_proxy Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability. 2016-08-10 5.0 CVE-2016-6597
BUGTRAQ
BID
MISC
vmware — fusion Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. 2016-08-07 4.4 CVE-2016-5330
CONFIRM
vmware — vcenter_server CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. 2016-08-07 4.3 CVE-2016-5331
CONFIRM
wireshark — wireshark epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-08-07 4.3 CVE-2016-5350
MLIST
CONFIRM
CONFIRM
wireshark — wireshark epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-07 4.3 CVE-2016-5351
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-07 4.3 CVE-2016-5352
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-07 4.3 CVE-2016-5353
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-07 4.3 CVE-2016-5354
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2016-08-07 4.3 CVE-2016-5355
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2016-08-07 4.3 CVE-2016-5356
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2016-08-07 4.3 CVE-2016-5357
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-07 4.3 CVE-2016-5358
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet. 2016-08-07 4.3 CVE-2016-5359
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-06 4.3 CVE-2016-6503
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. 2016-08-06 4.3 CVE-2016-6504
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. 2016-08-06 4.3 CVE-2016-6505
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-08-06 4.3 CVE-2016-6506
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-08-06 4.3 CVE-2016-6507
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. 2016-08-06 4.3 CVE-2016-6508
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-06 4.3 CVE-2016-6509
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. 2016-08-06 4.3 CVE-2016-6510
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. 2016-08-06 4.3 CVE-2016-6511
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors. 2016-08-06 4.3 CVE-2016-6512
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-06 4.3 CVE-2016-6513
MLIST
CONFIRM
CONFIRM
CONFIRM
wordpress — wordpress WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address. 2016-08-07 5.0 CVE-2016-4029
CONFIRM
MISC
wordpress — wordpress Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-08-07 4.3 CVE-2016-6634
CONFIRM
MISC
wordpress — wordpress Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option. 2016-08-07 6.8 CVE-2016-6635
CONFIRM
CONFIRM

Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
apache — activemq The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue. 2016-08-05 3.5 CVE-2016-0782
CONFIRM
MISC
BUGTRAQ
CONFIRM
ibm — information_server_framework Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Business Glossary 8.7 before FP2, Information Server Framework and InfoSphere Information Server Business Glossary 9.1 before 9.1.2.0, Information Server Framework and InfoSphere Information Governance Catalog 11.3 before 11.3.1.2, and Information Server Framework and InfoSphere Information Governance Catalog 11.5 before 11.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-08-07 3.5 CVE-2016-0280
AIXAPAR
CONFIRM
ibm — sterling_connect_direct_for_unix IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations. 2016-08-07 2.1 CVE-2016-0380
AIXAPAR
CONFIRM
ibm — rational_publishing_engine Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-08-07 3.5 CVE-2016-2912
CONFIRM
ibm — websphere_portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-08-07 3.5 CVE-2016-2925
AIXAPAR
CONFIRM
ibm — filenet_workplace Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file. 2016-08-07 3.5 CVE-2016-3054
CONFIRM
ibm — tivoli_storage_flashcopy_manager_for_sql_server IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI. 2016-08-07 2.1 CVE-2016-3059
CONFIRM
linux — linux_kernel Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a “double fetch” vulnerability. 2016-08-06 1.9 CVE-2016-6136
CONFIRM
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a “double fetch” vulnerability. 2016-08-06 1.9 CVE-2016-6156
CONFIRM
BUGTRAQ
MISC
CONFIRM
CONFIRM
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka “Internet Explorer Information Disclosure Vulnerability.” 2016-08-09 1.9 CVE-2016-3321
FULLDISC
BUGTRAQ
MS
MISC
microsoft — edge Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka “Microsoft Browser Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-3327. 2016-08-09 2.6 CVE-2016-3326
MS
MS
microsoft — edge Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka “Microsoft Browser Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-3326. 2016-08-09 2.6 CVE-2016-3327
MS
MS
microsoft — edge Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka “Internet Explorer Information Disclosure Vulnerability.” 2016-08-09 2.6 CVE-2016-3329
MS
MS
pivotal_software — redis linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. 2016-08-10 2.1 CVE-2013-7458
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
sap — hana_db The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905. 2016-08-05 2.1 CVE-2016-3640
BID
MISC
MISC
MISC
sap — hana_sps09 SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941. 2016-08-05 2.1 CVE-2016-6149
BID
MISC
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
sap — sapcar SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384. 2016-08-12 Not yet calculated CVE-2016-5847
MISC
FULLDISC
BUGTRAQ
BID
MISC
sap — sapcar SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905. 2016-08-12 Not yet calculated CVE-2016-5845
MISC
FULLDISC
BUGTRAQ
BID
MISC
MISC
scientific_linux — fontconfig fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. 2016-08-12 Not yet calculated CVE-2016-5384
DEBIAN
CONFIRM
FEDORA
MLIST




Cisco Releases Security Update

Original release date: August 12, 2016

Cisco has released a security update to address a vulnerability in its IOS XR Software for ASR 9001 Aggregation Services Routers. Exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.



Microsoft Releases August 2016 Security Bulletin

Original release date: August 09, 2016

Microsoft has released nine updates to address vulnerabilities in Microsoft software. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Microsoft Security Bulletins MS16-095 through MS16-103 and apply the necessary updates.



SB16-221: Vulnerability Summary for the Week of August 1, 2016

Original release date: August 08, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
atlassian — bamboo Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. 2016-08-02 7.5 CVE-2016-5229
MISC
BUGTRAQ
BID
CONFIRM
CONFIRM
citrix — xenserver The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. 2016-08-02 7.2 CVE-2016-6258
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
crestron — airmedia_am-100_firmware Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter. 2016-08-02 10.0 CVE-2016-5640
CERT-VN
MISC
crestron — dm-txrx-100-str_firmware Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html. 2016-08-02 7.5 CVE-2016-5667
CERT-VN
crestron — dm-txrx-100-str_firmware Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call. 2016-08-02 7.5 CVE-2016-5668
CERT-VN
crestron — dm-txrx-100-str_firmware Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface. 2016-08-02 10.0 CVE-2016-5670
CERT-VN
ec-cube — coupon_plugin SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2016-07-31 7.5 CVE-2016-4837
JVN
JVNDB
CONFIRM
hp — operations_manager The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. 2016-07-31 7.5 CVE-2016-4373
CONFIRM
huawei — cloudengine_12800_firmware Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote attackers with control plane access to cause a denial of service or execute arbitrary code via a crafted packet. 2016-08-02 7.5 CVE-2016-6178
CONFIRM
BID
huawei — p8_smartphone_firmware Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193. 2016-08-02 9.3 CVE-2016-6192
CONFIRM
BID
huawei — p8_smartphone_firmware Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192. 2016-08-02 9.3 CVE-2016-6193
CONFIRM
BID
mozilla — firefox Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items. 2016-08-04 7.5 CVE-2016-5254
CONFIRM
CONFIRM
mozilla — firefox Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering. 2016-08-04 7.5 CVE-2016-5261
CONFIRM
CONFIRM
novell — filr vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter. 2016-07-31 9.0 CVE-2016-1608
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
novell — filr Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file’s content with arbitrary shell commands. 2016-07-31 7.2 CVE-2016-1611
BUGTRAQ
CONFIRM
paloaltonetworks — pan-os Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation. 2016-08-02 7.2 CVE-2016-1712
CONFIRM
SECTRACK
perl — perl (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. 2016-08-02 7.2 CVE-2016-1238
CONFIRM
DEBIAN
MLIST
BID
SECTRACK
CONFIRM
pulsesecure — odyssey_access_client An unspecified client-side component in Pulse Secure Desktop Client before 5.0r15.1, 5.1rX before 5.1r9.1, and 5.2rX before 5.2r4.1; Installer Service (formerly Juniper Installer Service) and Collaboration (formerly Secure Meeting) before 8.0r15.1, 8.1rX before 8.1r9.1, and 8.2rX before 8.2r4.1; and Odyssey Access Client before 5.6r18 on Windows allows local users to gain administrative privileges via unknown vectors. 2016-08-02 7.2 CVE-2016-2408
CONFIRM
redhat — jboss_operations_network The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. 2016-08-02 9.0 CVE-2016-3737
REDHAT
CONFIRM
sap — trex Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. 2016-08-05 10.0 CVE-2016-6138
MISC
BID
MISC
MISC
MISC
sap — trex SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. 2016-08-05 7.6 CVE-2016-6139
BID
MISC
MISC
sap — trex SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591. 2016-08-05 7.6 CVE-2016-6140
BID
MISC
MISC
sap — trex An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226. 2016-08-05 10.0 CVE-2016-6147
BID
MISC
MISC


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — openoffice The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file. 2016-08-05 6.8 CVE-2016-1513
CONFIRM
BID
MISC
MISC
apache — poi The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2016-08-05 4.3 CVE-2016-5000
BUGTRAQ
MLIST
cisco — email_security_appliance Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932. 2016-07-31 5.0 CVE-2016-1461
CISCO
citrix — xenserver Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. 2016-08-02 4.9 CVE-2016-6259
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
crestron — airmedia_am-100_firmware Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. 2016-08-02 5.0 CVE-2016-5639
CERT-VN
MISC
crestron — dm-txrx-100-str_firmware Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1. 2016-08-02 5.0 CVE-2016-5666
CERT-VN
crestron — dm-txrx-100-str_firmware Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate’s trust relationship. 2016-08-02 5.0 CVE-2016-5669
CERT-VN
crestron — dm-txrx-100-str_firmware Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users. 2016-08-02 6.8 CVE-2016-5671
CERT-VN
djangoproject — django Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML. 2016-08-05 4.3 CVE-2016-6186
MISC
FULLDISC
DEBIAN
BUGTRAQ
SECTRACK
UBUNTU
MISC
CONFIRM
CONFIRM
CONFIRM
google — chrome Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unrestricted multiplication. 2016-07-31 6.8 CVE-2016-5138
CONFIRM
CONFIRM
MISC
intel — crosswalk Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user’s acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate. 2016-07-31 5.8 CVE-2016-5672
CERT-VN
CONFIRM
MISC
MLIST
MISC
kde — karchives Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. 2016-08-02 5.0 CVE-2016-6232
MLIST
MLIST
UBUNTU
CONFIRM
CONFIRM
mit — kerberos The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request. 2016-07-31 4.0 CVE-2016-3120
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses. 2016-08-04 4.3 CVE-2016-2830
CONFIRM
CONFIRM
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-08-04 6.8 CVE-2016-2835
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors. 2016-08-04 6.8 CVE-2016-2836
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass. 2016-08-04 6.8 CVE-2016-2837
CONFIRM
CONFIRM
mozilla — firefox Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document. 2016-08-04 6.8 CVE-2016-2838
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video. 2016-08-04 4.3 CVE-2016-2839
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 48.0 allows remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. 2016-08-04 5.0 CVE-2016-5250
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL. 2016-08-04 4.3 CVE-2016-5251
CONFIRM
CONFIRM
mozilla — firefox Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations. 2016-08-04 6.8 CVE-2016-5252
CONFIRM
CONFIRM
mozilla — firefox The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link. 2016-08-04 4.7 CVE-2016-5253
CONFIRM
CONFIRM
mozilla — firefox Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection. 2016-08-04 6.8 CVE-2016-5255
CONFIRM
CONFIRM
mozilla — firefox Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session. 2016-08-04 6.8 CVE-2016-5258
CONFIRM
CONFIRM
mozilla — firefox Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop. 2016-08-04 6.8 CVE-2016-5259
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file. 2016-08-04 4.3 CVE-2016-5260
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. 2016-08-04 4.3 CVE-2016-5262
CONFIRM
CONFIRM
mozilla — firefox The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages “type confusion.” 2016-08-04 6.8 CVE-2016-5263
CONFIRM
CONFIRM
mozilla — firefox Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application. 2016-08-04 6.8 CVE-2016-5264
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory. 2016-08-04 4.0 CVE-2016-5265
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site. 2016-08-04 5.8 CVE-2016-5266
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set. 2016-08-04 4.3 CVE-2016-5267
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring. 2016-08-04 4.3 CVE-2016-5268
CONFIRM
CONFIRM
netiq — sentinel Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field. 2016-07-31 6.8 CVE-2016-1605
MISC
CONFIRM
nofollow_links_project — nofollow_links Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-08-02 4.3 CVE-2016-4833
JVN
JVNDB
CONFIRM
novell — filr Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request. 2016-07-31 6.5 CVE-2016-1607
BUGTRAQ
CONFIRM
CONFIRM
novell — filr Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name. 2016-07-31 5.0 CVE-2016-1610
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
openssl — openssl The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the “openssl ts” command. 2016-07-31 5.0 CVE-2016-2180
CONFIRM
CONFIRM
perl — perl The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. 2016-08-02 4.6 CVE-2016-6185
CONFIRM
DEBIAN
MLIST
MLIST
SECTRACK
FEDORA
FEDORA
FEDORA
CONFIRM
qemu — qemu The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. 2016-08-02 4.9 CVE-2016-5403
CONFIRM
CONFIRM
redhat — network_satellite Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes. 2016-08-05 4.3 CVE-2016-3080
REDHAT
CONFIRM
redhat — network_satellite Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data. 2016-08-05 4.3 CVE-2016-3097
REDHAT
CONFIRM
redhat — openshift The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list. 2016-08-05 6.8 CVE-2016-5392
BID
REDHAT
CONFIRM
sap — hana The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as “False,” which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869. 2016-08-05 4.3 CVE-2016-6144
BID
MISC
MISC
sap — hana SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136. 2016-08-05 5.0 CVE-2016-6148
BID
MISC
MISC
vtiger — crm modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors. 2016-07-31 5.5 CVE-2016-4834
CONFIRM
JVN
JVNDB


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
dell — km714_firmware The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a “KeyJack injection attack.” 2016-08-02 3.3 CVE-2016-6257
MISC
CONFIRM
MISC
fortinet — fortianalyzer_firmware Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.2.6 and FortiManager 5.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section. 2016-08-05 3.5 CVE-2016-3196
CONFIRM
novell — filr Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile. 2016-07-31 3.5 CVE-2016-1609
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
openshift — origin openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal. 2016-08-05 1.9 CVE-2015-8945
MLIST
MLIST
BID
CONFIRM


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — activemq The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue. 2016-08-05 Not yet calculated CVE-2016-0782
CONFIRM
MISC
BUGTRAQ
CONFIRM
dashbuilder — sql_injection SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI. 2016-08-05 Not yet calculated CVE-2016-4999
BID
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
google — android Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367. 2016-08-06 Not yet calculated CVE-2015-8940
CONFIRM
CONFIRM
google — android drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310. 2016-08-06 Not yet calculated CVE-2014-9875
CONFIRM
CONFIRM
google — android Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160. 2016-08-06 Not yet calculated CVE-2014-9883
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702. 2016-08-06 Not yet calculated CVE-2014-9867
CONFIRM
CONFIRM
google — android drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013. 2016-08-06 Not yet calculated CVE-2014-9865
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualcomm internal bug CR514711. 2016-08-06 Not yet calculated CVE-2014-9869
CONFIRM
CONFIRM
CONFIRM
google — android drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841. 2016-08-06 Not yet calculated CVE-2014-9864
CONFIRM
CONFIRM
google — android drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740. 2016-08-06 Not yet calculated CVE-2014-9884
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358. 2016-08-06 Not yet calculated CVE-2014-9866
CONFIRM
CONFIRM
google — android Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261. 2016-08-06 Not yet calculated CVE-2014-9885
CONFIRM
CONFIRM
google — android The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490. 2016-08-06 Not yet calculated CVE-2014-9879
CONFIRM
CONFIRM
google — android drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356. 2016-08-06 Not yet calculated CVE-2014-9880
CONFIRM
CONFIRM
google — android omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827. 2016-08-05 Not yet calculated CVE-2016-3824
CONFIRM
CONFIRM
google — android drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479. 2016-08-06 Not yet calculated CVE-2014-9878
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28768281 and Qualcomm internal bug CR547231. 2016-08-06 Not yet calculated CVE-2014-9877
CONFIRM
CONFIRM
google — android arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030. 2016-08-06 Not yet calculated CVE-2014-9886
CONFIRM
CONFIRM
google — android Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329. 2016-08-06 Not yet calculated CVE-2014-9882
CONFIRM
CONFIRM
CONFIRM
google — android drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android internal bug 28769368 and Qualcomm internal bug CR539008. 2016-08-06 Not yet calculated CVE-2014-9881
CONFIRM
CONFIRM
google — android Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and Qualcomm internal bug CR563086. 2016-08-06 Not yet calculated CVE-2014-9874
CONFIRM
CONFIRM
google — android Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860. 2016-08-06 Not yet calculated CVE-2014-9873
CONFIRM
CONFIRM
google — android drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021. 2016-08-06 Not yet calculated CVE-2015-8939
CONFIRM
CONFIRM
google — android drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795. 2016-08-06 Not yet calculated CVE-2014-9896
CONFIRM
CONFIRM
google — android drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548. 2016-08-06 Not yet calculated CVE-2015-8937
CONFIRM
CONFIRM
google — android drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm internal bug CR542223. 2016-08-06 Not yet calculated CVE-2014-9893
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712. 2016-08-06 Not yet calculated CVE-2014-9889
CONFIRM
CONFIRM
google — android drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736. 2016-08-06 Not yet calculated CVE-2014-9894
CONFIRM
CONFIRM
google — android drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and Qualcomm internal bug CR550061. 2016-08-06 Not yet calculated CVE-2014-9891
CONFIRM
CONFIRM
google — android Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177. 2016-08-06 Not yet calculated CVE-2014-9890
CONFIRM
CONFIRM
google — android The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022. 2016-08-06 Not yet calculated CVE-2015-8938
CONFIRM
CONFIRM
google — android Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941. 2016-08-05 Not yet calculated CVE-2014-9902
CONFIRM
CONFIRM
google — android drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633. 2016-08-06 Not yet calculated CVE-2014-9887
CONFIRM
CONFIRM
google — android Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR514717. 2016-08-06 Not yet calculated CVE-2014-9871
CONFIRM
CONFIRM
google — android The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721. 2016-08-06 Not yet calculated CVE-2014-9872
CONFIRM
CONFIRM
google — android drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408. 2016-08-06 Not yet calculated CVE-2014-9876
CONFIRM
CONFIRM
google — android drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and Qualcomm internal bug CR547910. 2016-08-06 Not yet calculated CVE-2014-9899
CONFIRM
CONFIRM
google — android The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. 2016-08-05 Not yet calculated CVE-2014-9901
CONFIRM
CONFIRM
google — android sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bug CR563752. 2016-08-06 Not yet calculated CVE-2014-9897
CONFIRM
CONFIRM
google — android arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575. 2016-08-06 Not yet calculated CVE-2014-9898
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473. 2016-08-06 Not yet calculated CVE-2015-8941
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976. 2016-08-06 Not yet calculated CVE-2014-9868
CONFIRM
CONFIRM
google — android drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246. 2016-08-06 Not yet calculated CVE-2015-8942
CONFIRM
CONFIRM
google — android drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226. 2016-08-06 Not yet calculated CVE-2015-8943
CONFIRM
CONFIRM
google — android services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489. 2016-08-05 Not yet calculated CVE-2016-2497
CONFIRM
CONFIRM
google — android exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315. 2016-08-05 Not yet calculated CVE-2016-3822
CONFIRM
CONFIRM
google — android The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974. 2016-08-05 Not yet calculated CVE-2016-2504
CONFIRM
google — android Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28533562. 2016-08-05 Not yet calculated CVE-2016-3819
CONFIRM
CONFIRM
google — android The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410. 2016-08-05 Not yet calculated CVE-2016-3820
CONFIRM
CONFIRM
google — android libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152. 2016-08-05 Not yet calculated CVE-2016-3821
CONFIRM
CONFIRM
google — android The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116. 2016-08-05 Not yet calculated CVE-2016-3835
CONFIRM
CONFIRM
google — android The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a “Year 2038 problem.” 2016-08-05 Not yet calculated CVE-2016-3831
CONFIRM
CONFIRM
google — android Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470. 2016-08-06 Not yet calculated CVE-2014-9863
CONFIRM
CONFIRM
google — android codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956. 2016-08-05 Not yet calculated CVE-2016-3827
CONFIRM
CONFIRM
google — android The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29023649. 2016-08-05 Not yet calculated CVE-2016-3829
CONFIRM
CONFIRM
google — android mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517. 2016-08-05 Not yet calculated CVE-2016-3844
CONFIRM
google — android services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug 29251553. 2016-08-05 Not yet calculated CVE-2016-3826
CONFIRM
CONFIRM
google — android codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599. 2016-08-05 Not yet calculated CVE-2016-3830
CONFIRM
CONFIRM
google — android The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712. 2016-08-05 Not yet calculated CVE-2016-3833
CONFIRM
CONFIRM
CONFIRM
google — android The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701. 2016-08-05 Not yet calculated CVE-2016-3834
CONFIRM
CONFIRM
google — android The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098. 2016-08-05 Not yet calculated CVE-2016-3832
CONFIRM
CONFIRM
google — android The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329. 2016-08-05 Not yet calculated CVE-2016-3823
CONFIRM
CONFIRM
google — android decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995. 2016-08-05 Not yet calculated CVE-2016-3828
CONFIRM
CONFIRM
google — android Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672. 2016-08-05 Not yet calculated CVE-2016-3838
CONFIRM
CONFIRM
google — android Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug 28885210. 2016-08-05 Not yet calculated CVE-2016-3839
CONFIRM
CONFIRM
google — android The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433. 2016-08-05 Not yet calculated CVE-2016-3847
CONFIRM
google — android service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application that provides a MAC address with too few characters, aka internal bug 28164077. 2016-08-05 Not yet calculated CVE-2016-3837
CONFIRM
CONFIRM
google — android Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153. 2016-08-05 Not yet calculated CVE-2016-3840
CONFIRM
CONFIRM
google — android The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402. 2016-08-05 Not yet calculated CVE-2016-3836
CONFIRM
CONFIRM
google — android The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876. 2016-08-05 Not yet calculated CVE-2016-3845
CONFIRM
google — android The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378. 2016-08-05 Not yet calculated CVE-2016-3846
CONFIRM
google — android The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28919417. 2016-08-05 Not yet calculated CVE-2016-3848
CONFIRM
google — android The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974. 2016-08-05 Not yet calculated CVE-2016-3842
CONFIRM
google — android The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738. 2016-08-05 Not yet calculated CVE-2016-3852
CONFIRM
google — android Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug CR945164. 2016-08-05 Not yet calculated CVE-2016-3850
CONFIRM
CONFIRM
google — android The LG Electronics bootloader in Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941. 2016-08-05 Not yet calculated CVE-2016-3851
CONFIRM
google — android drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR990824. 2016-08-06 Not yet calculated CVE-2016-3855
CONFIRM
CONFIRM
google — android The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740. 2016-08-05 Not yet calculated CVE-2016-3849
CONFIRM
google — android netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631. 2016-08-06 Not yet calculated CVE-2016-3856
CONFIRM
CONFIRM
CONFIRM
google — android Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208. 2016-08-05 Not yet calculated CVE-2016-3853
CONFIRM
google — android The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518. 2016-08-05 Not yet calculated CVE-2016-3857
CONFIRM
google — android drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR897326. 2016-08-06 Not yet calculated CVE-2016-3854
CONFIRM
CONFIRM
google — android mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964. 2016-08-05 Not yet calculated CVE-2016-3825
CONFIRM
CONFIRM
google — android Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071. 2016-08-05 Not yet calculated CVE-2016-3843
CONFIRM

huawei — ips_module ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. 2016-08-04 Not yet calculated CVE-2016-6300
juniper — junos_os Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to “safe mode” authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the “request system software” command with the “partition” option. 2016-08-05 Not yet calculated CVE-2016-1278
CONFIRM
BID
SECTRACK
juniper — junos_os Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X48 before 12.3X48-D25, and 15.1X49 before 15.1X49-D40 on a High-End SRX-Series chassis system with one or more Application Layer Gateways (ALGs) enabled allow remote attackers to cause a denial of service (CPU consumption, fab link failure, or flip-flop failovers) via vectors related to in-transit traffic matching ALG rules. 2016-08-05 Not yet calculated CVE-2016-1276
CONFIRM
SECTRACK
linux — kernel arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction. 2016-08-06 Not yet calculated CVE-2016-5412
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
linux — kernel The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044. 2016-08-06 Not yet calculated CVE-2014-9870
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — kernel drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739. 2016-08-06 Not yet calculated CVE-2014-9895
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — kernel The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. 2016-08-06

Not yet calculated

CVE-2016-3070
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — kernel The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts. 2016-08-06

Not yet calculated

CVE-2015-8944
CONFIRM
MLIST
CONFIRM
linux — kernel Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations. 2016-08-06

Not yet calculated

CVE-2016-5400
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — kernel arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735. 2016-08-06

Not yet calculated

CVE-2014-9888
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — kernel The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754. 2016-08-06

Not yet calculated

CVE-2014-9900
CONFIRM
CONFIRM
linux — kernel The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717. 2016-08-06

Not yet calculated

CVE-2014-9892
CONFIRM
CONFIRM
linux — kernel Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a “double fetch” vulnerability. 2016-08-06

Not yet calculated

CVE-2016-6516
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — kernel net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via certain IPv6 socket operations. 2016-08-06

Not yet calculated

CVE-2016-6162
MLIST
CONFIRM
linux — kernel The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. 2016-08-06

Not yet calculated

CVE-2016-3841
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — kernel Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a “double fetch” vulnerability. 2016-08-06

Not yet calculated

CVE-2016-6156
CONFIRM
BUGTRAQ
MISC
CONFIRM
CONFIRM
linux — kernel Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a “double fetch” vulnerability. 2016-08-06

Not yet calculated

CVE-2016-6136
CONFIRM
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — kernel fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink. 2016-08-06

Not yet calculated

CVE-2016-6197
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — kernel The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook. 2016-08-06

Not yet calculated

CVE-2016-6187
CONFIRM
MLIST
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — kernel Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a “double fetch” vulnerability. 2016-08-06

Not yet calculated

CVE-2016-6480
BUGTRAQ
CONFIRM
linux — kernel net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack. 2016-08-06

Not yet calculated

CVE-2016-5696
CONFIRM
MLIST
MISC
CONFIRM
CONFIRM
linux — kernel The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c. 2016-08-06

Not yet calculated

CVE-2016-6198
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
sap — extended_application_services The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905. 2016-08-05

Not yet calculated

CVE-2016-3640
BID
MISC
MISC
MISC
sap — hana SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941. 2016-08-05

Not yet calculated

CVE-2016-6149
BID
MISC
MISC
sap — hana The SQL interface in SAP HANA provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as “False,” which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869. 2016-08-05

Not yet calculated

CVE-2016-6145
MISC
MISC
sap — hana The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550. 2016-08-05

Not yet calculated

CVE-2016-6150
BID
MISC
MISC
wireshark — corba_idl_dissectors The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-06

Not yet calculated

CVE-2016-6503
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — epan_proto.c epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. 2016-08-06

Not yet calculated

CVE-2016-6511
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — ldss_dissectors epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-06

Not yet calculated

CVE-2016-6509
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — mmse_dissectors epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-08-06

Not yet calculated

CVE-2016-6507
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — nds_dissectors epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. 2016-08-06

Not yet calculated

CVE-2016-6504
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — packetbb_dissectors epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. 2016-08-06

Not yet calculated

CVE-2016-6505
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — rlc_dissectors Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. 2016-08-06

Not yet calculated

CVE-2016-6510
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — rlc_dissectors epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. 2016-08-06

Not yet calculated

CVE-2016-6508
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — tvb_get_guintvar epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors. 2016-08-06

Not yet calculated

CVE-2016-6512
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wbxml_dissector epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-06

Not yet calculated

CVE-2016-6513
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark — wsp_dissectors epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-08-06

Not yet calculated

CVE-2016-6506
MLIST
CONFIRM
CONFIRM
CONFIRM


VMware Releases Security Update

Original release date: August 05, 2016

VMware has released a security update to address vulnerabilities in vCenter Server, vSphere Hypervisor (ESXi), Workstation Pro, Workstation Player, Fusion, and Tools. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2016-0010 and apply the necessary updates.



Apple Releases Security Update

Original release date: August 05, 2016

Apple has released a security update to address a vulnerability in iOS. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. The update is for iPhone 4s and later, iPad 2 and later, and iPod touch (5th generation) and later.

US-CERT encourages users and administrators to review the Apple security page for iOS and apply the necessary updates.

