2016 VULNERABILITY DATABASE

 

 

 

CVE-2016-2002

Summary: The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.

Published: 4/20/2016 1:59:01 PM

 

CVE-2016-1384

Summary: The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898.

Published: 4/20/2016 1:59:01 PM

 

CVE-2016-0891

Summary: Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.

Published: 4/20/2016 1:59:00 PM

 

CVE-2015-8842

Summary: tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.

Published: 4/20/2016 12:59:03 PM

 

CVE-2015-7802

Summary: gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.

Published: 4/20/2016 12:59:02 PM

 

CVE-2015-7801

Summary: Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.

Published: 4/20/2016 12:59:01 PM

 

CVE-2014-9770

Summary: tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.

Published: 4/20/2016 12:59:00 PM

 

CVE-2016-3628

Summary: Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data.

Published: 4/20/2016 6:59:00 AM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 6.5 MEDIUM

CVE-2016-2390

Summary: The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.

Published: 4/19/2016 5:59:07 PM

 

CVE-2016-0741

Summary: slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.

Published: 4/19/2016 5:59:06 PM

 

CVE-2015-8779

Summary: Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

Published: 4/19/2016 5:59:05 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

CVE-2015-8778

Summary: Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

Published: 4/19/2016 5:59:04 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

CVE-2015-8776

Summary: The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

Published: 4/19/2016 5:59:04 PM

 

CVSS Severity: v3 - 9.1 CRITICAL      v2 - 6.4 MEDIUM

CVE-2015-7511

Summary: Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.

Published: 4/19/2016 5:59:03 PM

 

CVSS Severity: v3 - 2.0 LOW      v2 - 1.9 LOW

CVE-2015-1776

Summary: Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file.

Published: 4/19/2016 5:59:02 PM

 

CVSS Severity: v3 - 6.2 MEDIUM      v2 - 2.1 LOW

CVE-2014-9765

Summary: Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.

Published: 4/19/2016 5:59:01 PM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 6.8 MEDIUM

CVE-2014-9761

Summary: Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

Published: 4/19/2016 5:59:00 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

CVE-2016-4040

Summary: SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.

Published: 4/19/2016 10:59:03 AM

 

CVE-2016-3960

Summary: Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.

Published: 4/19/2016 10:59:03 AM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 7.2 HIGH

CVE-2016-3688

Summary: SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr.

Published: 4/19/2016 10:59:02 AM

 

<<< New  Older >>>