CYBER SECURITY ASSESSMENTS // PENETRATION TESTING // DATA SECURITY // IT SECURITY // SECURITY AUDITS // DIGITAL FORENSICS // CYBER INTELLIGENCE

  • HOME

  • ABOUT US

  • SERVICES

  • CONTACT

  • KNOWLEDGE

  • BUY ONLINE

  • More

                                        2016 VULNERABILITY DATABASE

     

     

     

    CVE-2016-0892

    Summary: Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Published: 5/3/2016 11:59:00 AM

     

    CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2016-3951

    Summary: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.

    Published: 5/2/2016 6:59:41 AM

     

    CVSS Severity: v3 - 4.6 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2016-3689

    Summary: The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.

    Published: 5/2/2016 6:59:40 AM

     

    CVSS Severity: v3 - 4.6 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2016-3140

    Summary: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

    Published: 5/2/2016 6:59:39 AM

     

    CVSS Severity: v3 - 4.6 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2016-3138

    Summary: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.

    Published: 5/2/2016 6:59:37 AM

     

    CVSS Severity: v3 - 4.6 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2016-3137

    Summary: drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.

    Published: 5/2/2016 6:59:36 AM

     

    CVSS Severity: v3 - 4.6 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2016-3136

    Summary: The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.

    Published: 5/2/2016 6:59:35 AM

     

    CVSS Severity: v3 - 4.6 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2016-2854

    Summary: The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

    Published: 5/2/2016 6:59:34 AM

     

    CVSS Severity: v3 - 7.8 HIGH      v2 - 4.6 MEDIUM

     

    CVE-2016-2853

    Summary: The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

    Published: 5/2/2016 6:59:33 AM

     

    CVSS Severity: v3 - 7.0 HIGH      v2 - 4.4 MEDIUM

     

    CVE-2016-2188

    Summary: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

    Published: 5/2/2016 6:59:32 AM

     

    CVSS Severity: v3 - 4.6 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2016-2187

    Summary: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

    Published: 5/2/2016 6:59:30 AM

     

    CVSS Severity: v3 - 4.6 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2016-2186

    Summary: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

    Published: 5/2/2016 6:59:29 AM

     

    CVSS Severity: v3 - 4.6 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2016-2185

    Summary: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

    Published: 5/2/2016 6:59:28 AM

     

    CVSS Severity: v3 - 4.6 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2016-2117

    Summary: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.

    Published: 5/2/2016 6:59:27 AM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-2070

    Summary: The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic.

    Published: 5/2/2016 6:59:26 AM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 7.8 HIGH

     

    CVE-2016-2053

    Summary: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.

    Published: 5/2/2016 6:59:25 AM

     

    CVSS Severity: v3 - 5.9 MEDIUM      v2 - 7.1 HIGH

     

    CVE-2016-1576

    Summary: The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

    Published: 5/2/2016 6:59:24 AM

     

    CVSS Severity: v3 - 7.8 HIGH      v2 - 7.2 HIGH

     

    CVE-2016-1575

    Summary: The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

    Published: 5/2/2016 6:59:23 AM

     

    CVSS Severity: v3 - 6.8 MEDIUM      v2 - 7.2 HIGH

     

    CVE-2015-8839

    Summary: Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.

    Published: 5/2/2016 6:59:22 AM

     

    CVSS Severity: v3 - 5.1 MEDIUM      v2 - 1.9 LOW

     

    CVE-2015-8830

    Summary: Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.

    Published: 5/2/2016 6:59:20 AM

     

    CVSS Severity: v3 - 7.8 HIGH      v2 - 7.2 HIGH

     

     

    <<< New  Older >>>

     

    Trojan 1 | PCI Compliance | HIPAA Compliance | GLBA Compliance | GDPR Compliance | Penetration Testing | Web Application Assessment | Corporate Security Assessment | Cyber Threat Intelligence 24 / 7

     

    Cyber Breach Lawyers | Vulnerability Assessments | CISO On Demand | Black Ops | Secure Cloud | Personal Security Assessments | Small Business IT Security  | NY Cybersecurity Rule 23 NYCRR 500

     

    Ethical Hacking for Small Businesses | IT Compliance Small Business | Security Breach Management Solutions | Big Data Security | Corporate Randsomware

     

    Website Security for Small Businesses | Security Consulting Services | Enterprise Security Services | Drone & Robotic IT Security

     

    Complete IT/Cyber Security Assessment |  Security Governance Services | Security & Risk Management | Digital Forensics

     

    Social Engineering Testing  | Cyber Liability Insurance | Data Centers Transformation & Security | Secure Access and Continuity Solutions

     

    Mobility Management  & Security | Network Management  Security Solutions | EndPoint Security Solutions |  National Vulnerability Database

    • HOME

    • ABOUT US

    • SERVICES

    • CONTACT

    • KNOWLEDGE

    • BUY ONLINE

    • More

      2200 PENNSYLVANIA AVENUE | NW | 4TH FLOOR EAST​ | WASHINGTON, D.C. 20037​

      ​​Tel: 202.507.5773 | Fax: 202.507.5601​ |  ContactUs@TrojanHorseSecurity.com

       

      • s-linkedin
      • s-facebook
      • Google Metallic
      • YouTube Metallic
      • Pinterest Metallic
      • s-tbird

      © 2020  TROJAN HORSE SECURITY INC