Monday, May 30, 2016

SB16-151: Vulnerability Summary for the Week of May 23, 2016

Original release date: May 30, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apple -- apple_tv The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1830. 2016-05-20 9.3 CVE-2016-1829
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
cisco -- web_security_appliance Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171. 2016-05-24 7.8 CVE-2016-1380
CISCO
cisco -- web_security_appliance Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270. 2016-05-24 7.8 CVE-2016-1381
CISCO
cisco -- web_security_appliance_(wsa) Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529. 2016-05-24 7.8 CVE-2016-1382
CISCO
cisco -- web_security_appliance_(wsa) Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305. 2016-05-24 7.8 CVE-2016-1383
CISCO
freebsd -- freebsd Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow." 2016-05-25 7.2 CVE-2016-1886
CONFIRM
FREEBSD
SECTRACK
MISC
freebsd -- freebsd Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow. 2016-05-25 7.2 CVE-2016-1887
FREEBSD
SECTRACK
MISC
golang -- go Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. 2016-05-23 7.2 CVE-2016-3958
MLIST
CONFIRM
CONFIRM
MLIST
MLIST
huawei -- mobile_broadband_hl_service The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll. 2016-05-23 7.2 CVE-2016-2855
MISC
MISC
FULLDISC
MISC
huawei -- mate_8_firmware Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03020. 2016-05-26 9.3 CVE-2016-3680
CONFIRM
huawei -- mate_8_firmware Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03021. 2016-05-26 9.3 CVE-2016-3681
CONFIRM
huawei -- ips_module_firmware Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters." 2016-05-23 7.5 CVE-2016-4576
CONFIRM
lenovo -- shareit Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack." 2016-05-23 9.3 CVE-2016-4782
CONFIRM
libexpat -- expat Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. 2016-05-26 7.5 CVE-2016-0718
CONFIRM
UBUNTU
MLIST
DEBIAN
linux -- linux_kernel The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor. 2016-05-23 7.2 CVE-2016-4557
CONFIRM
CONFIRM
CONFIRM
MISC
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. 2016-05-23 7.2 CVE-2016-4565
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call. 2016-05-23 7.2 CVE-2016-4568
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls. 2016-05-23 7.2 CVE-2016-4794
MLIST
CONFIRM
MLIST
linux -- linux_kernel Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. 2016-05-23 7.2 CVE-2016-4805
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. 2016-05-23 7.2 CVE-2016-4913
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. 2016-05-23 7.2 CVE-2016-4951
CONFIRM
MLIST
MLIST
CONFIRM
pgpdump -- pgpdump The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string. 2016-05-26 7.8 CVE-2016-4021
MISC
CONFIRM
BUGTRAQ
FEDORA
FEDORA
FEDORA
php -- php The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. 2016-05-20 7.5 CVE-2015-8865
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
CONFIRM
CONFIRM
php -- php Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data. 2016-05-21 7.5 CVE-2015-8876
CONFIRM
CONFIRM
php -- php main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses. 2016-05-21 7.1 CVE-2015-8878
CONFIRM
CONFIRM
php -- php Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error. 2016-05-21 10.0 CVE-2015-8880
CONFIRM
php -- php Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. 2016-05-20 7.5 CVE-2016-4071
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
php -- php The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c. 2016-05-20 7.5 CVE-2016-4072
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
php -- php Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call. 2016-05-20 7.5 CVE-2016-4073
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
php -- php ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive. 2016-05-21 8.3 CVE-2016-4342
CONFIRM
MLIST
CONFIRM
CONFIRM
php -- php Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow. 2016-05-21 7.5 CVE-2016-4344
CONFIRM
MLIST
CONFIRM
php -- php Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow. 2016-05-21 7.5 CVE-2016-4345
CONFIRM
MLIST
CONFIRM
php -- php Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow. 2016-05-21 7.5 CVE-2016-4346
CONFIRM
MLIST
CONFIRM
php -- php The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. 2016-05-21 7.5 CVE-2016-4537
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php -- php The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. 2016-05-21 7.5 CVE-2016-4538
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php -- php The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero. 2016-05-21 7.5 CVE-2016-4539
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php -- php The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. 2016-05-21 7.5 CVE-2016-4540
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php -- php The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. 2016-05-21 7.5 CVE-2016-4541
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php -- php The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. 2016-05-21 7.5 CVE-2016-4542
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php -- php The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. 2016-05-21 7.5 CVE-2016-4543
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
php -- php The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. 2016-05-21 7.5 CVE-2016-4544
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
pulsesecure -- pulse_connect_secure Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. 2016-05-26 7.8 CVE-2016-4786
CONFIRM
SECTRACK
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apple -- apple_tv libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. 2016-05-20 4.6 CVE-2016-1832
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple -- apple_tv OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. 2016-05-20 6.8 CVE-2016-1847
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLE
apple -- mac_os_x QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. 2016-05-20 6.8 CVE-2016-1848
CONFIRM
APPLE
apple -- mac_os_x SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. 2016-05-20 6.8 CVE-2016-1850
CONFIRM
APPLE
apple -- mac_os_x Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support. 2016-05-20 5.0 CVE-2016-1853
CONFIRM
APPLE
apple -- safari WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857. 2016-05-20 6.8 CVE-2016-1854
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- safari WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857. 2016-05-20 6.8 CVE-2016-1855
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- safari WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857. 2016-05-20 6.8 CVE-2016-1856
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- safari WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. 2016-05-20 6.8 CVE-2016-1857
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- safari WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site. 2016-05-20 4.3 CVE-2016-1858
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
apple -- safari The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. 2016-05-20 6.8 CVE-2016-1859
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
cisco -- adaptive_security_appliance_firmware The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209. 2016-05-26 6.8 CVE-2016-1385
CISCO
cisco -- telepresence_video_communication_server Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258. 2016-05-24 5.0 CVE-2016-1400
CISCO
cisco -- unified_computing_system Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250. 2016-05-20 4.3 CVE-2016-1401
CISCO
cisco -- identity_services_engine_software The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815. 2016-05-20 5.0 CVE-2016-1402
CISCO
cisco -- evolved_programmable_network_manager The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409. 2016-05-24 6.5 CVE-2016-1406
CISCO
cisco -- ios_xr Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) mishandles flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576. 2016-05-24 5.0 CVE-2016-1407
CISCO
fortinet -- fortisandbox_firmware Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) "Fortiview threats by users search filtered by vdom" or (5) "PCAP file download generated by the VM scan feature." 2016-05-26 4.3 CVE-2015-7360
BUGTRAQ
MISC
MISC
CONFIRM
gnome -- librsvg The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document. 2016-05-20 5.0 CVE-2015-7557
CONFIRM
CONFIRM
MLIST
gnome -- librsvg librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. 2016-05-20 5.0 CVE-2015-7558
CONFIRM
CONFIRM
MLIST
MLIST
gnome -- librsvg The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. 2016-05-20 5.0 CVE-2016-4348
CONFIRM
MLIST
MLIST
MLIST
MLIST
SUSE
golang -- go The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. 2016-05-23 5.0 CVE-2016-3959
MLIST
CONFIRM
MLIST
MLIST
SUSE
FEDORA
FEDORA
FEDORA
hhvm -- hhvm Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive. 2016-05-21 4.3 CVE-2014-9767
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
huawei -- s12700_firmware Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets. 2016-05-23 5.1 CVE-2016-4087
CONFIRM
huawei -- ath Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message. 2016-05-25 4.3 CVE-2016-4575
CONFIRM
huawei -- ngfw_module_firmware Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters." 2016-05-23 6.8 CVE-2016-4577
CONFIRM
ibm -- java_sdk Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors. 2016-05-24 6.8 CVE-2016-0264
CONFIRM
AIXAPAR
REDHAT
REDHAT
SUSE
SUSE
SUSE
SUSE
SUSE
lenovo -- shareit Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." 2016-05-23 4.3 CVE-2016-4783
CONFIRM
libgd -- libgd The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function. 2016-05-21 5.0 CVE-2015-8877
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. 2016-05-23 5.0 CVE-2016-4485
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count. 2016-05-23 6.9 CVE-2016-4558
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request. 2016-05-23 5.0 CVE-2016-4580
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. 2016-05-23 4.9 CVE-2016-4581
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
mediaelementjs -- mediaelement.js Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via the query string. 2016-05-21 4.3 CVE-2016-4567
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
moodle -- moodle user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail addresses by leveraging the teacher role and reading a Participants list. 2016-05-22 4.0 CVE-2016-2151
CONFIRM
MLIST
CONFIRM
moodle -- moodle Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field. 2016-05-22 4.3 CVE-2016-2152
CONFIRM
MLIST
CONFIRM
moodle -- moodle Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as demonstrated by a search form field. 2016-05-22 4.3 CVE-2016-2153
CONFIRM
MLIST
CONFIRM
moodle -- moodle admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule. 2016-05-22 4.0 CVE-2016-2154
CONFIRM
MLIST
CONFIRM
moodle -- moodle The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude grade" settings by leveraging the Non-Editing Instructor role. 2016-05-22 4.0 CVE-2016-2155
CONFIRM
MLIST
CONFIRM
moodle -- moodle calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request. 2016-05-22 4.0 CVE-2016-2156
CONFIRM
MLIST
CONFIRM
moodle -- moodle Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins. 2016-05-22 6.8 CVE-2016-2157
CONFIRM
MLIST
CONFIRM
moodle -- moodle lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request. 2016-05-22 4.0 CVE-2016-2158
CONFIRM
MLIST
CONFIRM
moodle -- moodle The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request. 2016-05-22 4.0 CVE-2016-2159
CONFIRM
MLIST
CONFIRM
moodle -- moodle Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log. 2016-05-22 5.0 CVE-2016-2190
CONFIRM
MLIST
CONFIRM
perl -- perl The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80." 2016-05-25 5.0 CVE-2015-8853
CONFIRM
CONFIRM
MLIST
MLIST
CONFIRM
FEDORA
php -- php ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. 2016-05-21 6.8 CVE-2015-8866
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
php -- php The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. 2016-05-21 5.0 CVE-2015-8867
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
php -- php The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table. 2016-05-21 5.0 CVE-2015-8879
CONFIRM
CONFIRM
php -- php ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)." 2016-05-20 5.0 CVE-2016-4070
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
php -- php The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive. 2016-05-21 6.8 CVE-2016-4343
CONFIRM
MLIST
MISC
MISC
plupload -- plupload Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack. 2016-05-21 4.3 CVE-2016-4566
CONFIRM
CONFIRM
MISC
CONFIRM
CONFIRM
MLIST
pulsesecure -- pulse_connect_secure Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors. 2016-05-26 6.4 CVE-2016-4787
CONFIRM
SECTRACK
pulsesecure -- pulse_connect_secure Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. 2016-05-26 5.0 CVE-2016-4788
CONFIRM
SECTRACK
pulsesecure -- pulse_connect_secure Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-05-26 4.3 CVE-2016-4789
CONFIRM
SECTRACK
pulsesecure -- pulse_connect_secure The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors. 2016-05-26 6.4 CVE-2016-4791
CONFIRM
SECTRACK
pulsesecure -- pulse_connect_secure Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors. 2016-05-26 5.0 CVE-2016-4792
CONFIRM
SECTRACK
qemu -- qemu The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. 2016-05-23 4.9 CVE-2015-8558
MLIST
CONFIRM
BID
MLIST
MLIST
CONFIRM
qemu -- qemu Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. 2016-05-23 4.3 CVE-2016-4001
MLIST
MLIST
MLIST
FEDORA
FEDORA
FEDORA
CONFIRM
qemu -- qemu The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. 2016-05-23 4.9 CVE-2016-4037
MLIST
MLIST
MLIST
MLIST
FEDORA
FEDORA
FEDORA
CONFIRM
qemu -- qemu The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. 2016-05-20 4.6 CVE-2016-4439
MLIST
CONFIRM
MLIST
quagga -- quagga The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. 2016-05-23 5.0 CVE-2016-4049
MLIST
MLIST
SECTRACK
MLIST
SUSE
rubygems -- safemode The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method. 2016-05-20 6.8 CVE-2016-3693
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
theforeman -- foreman Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission. 2016-05-20 6.5 CVE-2016-2100
MLIST
CONFIRM
CONFIRM
theforeman -- foreman Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/. 2016-05-20 6.8 CVE-2016-3728
CONFIRM
MLIST
CONFIRM
CONFIRM
trend_micro -- mobile_security Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate. 2016-05-23 5.8 CVE-2016-3664
CONFIRM
MISC
MISC
wordpress -- wordpress Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags. 2016-05-21 4.3 CVE-2015-5714
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wordpress -- wordpress The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors. 2016-05-21 4.0 CVE-2015-5715
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wordpress -- wordpress Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3440. 2016-05-21 4.3 CVE-2015-8834
CONFIRM
CONFIRM
wordpress -- wordpress Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php. 2016-05-21 4.3 CVE-2016-1564
CONFIRM
CONFIRM
CONFIRM
MLIST
MISC
wordpress -- wordpress Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL. 2016-05-21 5.8 CVE-2016-2221
CONFIRM
CONFIRM
CONFIRM
wordpress -- wordpress The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address. 2016-05-21 5.0 CVE-2016-2222
CONFIRM
CONFIRM
CONFIRM
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apple -- safari The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory. 2016-05-20 2.1 CVE-2016-1849
CONFIRM
CONFIRM
APPLE
APPLE
apple -- mac_os_x The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors. 2016-05-20 2.1 CVE-2016-1851
CONFIRM
APPLE
apple -- iphone_os Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors. 2016-05-20 2.1 CVE-2016-1852
CONFIRM
APPLE
cmsmadesimple -- cms_made_simple CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request. 2016-05-26 2.6 CVE-2016-2784
EXPLOIT-DB
BUGTRAQ
CONFIRM
CONFIRM
FULLDISC
MISC
linux -- linux_kernel The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. 2016-05-23 2.1 CVE-2016-4482
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- linux_kernel The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. 2016-05-23 2.1 CVE-2016-4486
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- linux_kernel The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. 2016-05-23 2.1 CVE-2016-4569
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- linux_kernel sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. 2016-05-23 2.1 CVE-2016-4578
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
pulsesecure -- pulse_connect_secure Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-05-26 3.5 CVE-2016-4790
CONFIRM
SECTRACK
qemu -- qemu The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). 2016-05-25 2.1 CVE-2016-4020
MLIST
MLIST
CONFIRM
CONFIRM
qemu -- qemu The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. 2016-05-20 2.1 CVE-2016-4441
MLIST
CONFIRM
MLIST
redhat -- libvirt The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. 2016-05-25 2.1 CVE-2014-3672
CONFIRM
CONFIRM
CONFIRM
SECTRACK
MLIST
wordpress -- wordpress Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714. 2016-05-21 3.5 CVE-2015-7989
CONFIRM
CONFIRM
CONFIRM
CONFIRM
Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
cisco -- asa The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209. 2016-05-26 not yet assigned CVE-2016-1385
CISCO
cms_made_simple -- smarty_cache CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request. 2016-05-26 not yet assigned CVE-2016-2784
EXPLOIT-DB
BUGTRAQ
CONFIRM
CONFIRM
FULLDISC
MISC
fortinet -- fortisandbox Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) "Fortiview threats by users search filtered by vdom" or (5) "PCAP file download generated by the VM scan feature." 2016-05-26 not yet assigned CVE-2015-7360
BUGTRAQ
MISC
MISC
CONFIRM
huawei -- mate_8_nxt-al Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03020. 2016-05-26 not yet assigned CVE-2016-3680
CONFIRM
huawei -- mate_8_nxt-al Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03021. 2016-05-26 not yet assigned CVE-2016-3681
CONFIRM
linux -- expat_xml_parser Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. 2016-05-26 not yet assigned CVE-2016-0718
CONFIRM
UBUNTU
MLIST
DEBIAN
linux -- pgpdump The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string. 2016-05-26 not yet assigned CVE-2016-4021
MISC
CONFIRM
BUGTRAQ
FEDORA
FEDORA
FEDORA
pulse_secure -- pulse_connect_secure Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-05-26 not yet assigned CVE-2016-4790
CONFIRM
SECTRACK
pulse_secure -- pulse_connect_secure Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2016-05-26 not yet assigned CVE-2016-4789
CONFIRM
SECTRACK
pulse_secure -- pulse_connect_secure Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. 2016-05-26 not yet assigned CVE-2016-4788
CONFIRM
SECTRACK
pulse_secure -- pulse_connect_secure Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors. 2016-05-26 not yet assigned CVE-2016-4787
CONFIRM
SECTRACK
pulse_secure -- pulse_connect_secure Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors. 2016-05-26 not yet assigned CVE-2016-4792
CONFIRM
SECTRACK
pulse_secure -- pulse_connect_secure The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors. 2016-05-26 not yet assigned CVE-2016-4791
CONFIRM
SECTRACK
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/25w2vOQ

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.