• HOME

  • ABOUT US

  • SERVICES

  • CONTACT

  • KNOWLEDGE

  • BUY ONLINE

  • More

    CYBER SECURITY ASSESSMENTS // PENETRATION TESTING // DATA SECURITY // IT SECURITY // SECURITY AUDITS // DIGITAL FORENSICS // CYBER INTELLIGENCE

                                        2016 VULNERABILITY DATABASE

     

     

     

    CVE-2016-2002

    Summary: The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.

    Published: 4/20/2016 1:59:01 PM

     

    CVE-2016-1384

    Summary: The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898.

    Published: 4/20/2016 1:59:01 PM

     

    CVE-2016-0891

    Summary: Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.

    Published: 4/20/2016 1:59:00 PM

     

    CVE-2015-8842

    Summary: tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.

    Published: 4/20/2016 12:59:03 PM

     

    CVE-2015-7802

    Summary: gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.

    Published: 4/20/2016 12:59:02 PM

     

    CVE-2015-7801

    Summary: Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.

    Published: 4/20/2016 12:59:01 PM

     

    CVE-2014-9770

    Summary: tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.

    Published: 4/20/2016 12:59:00 PM

     

    CVE-2016-3628

    Summary: Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data.

    Published: 4/20/2016 6:59:00 AM

     

    CVSS Severity: v3 - 8.8 HIGH      v2 - 6.5 MEDIUM

    CVE-2016-2390

    Summary: The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.

    Published: 4/19/2016 5:59:07 PM

     

    CVE-2016-0741

    Summary: slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.

    Published: 4/19/2016 5:59:06 PM

     

    CVE-2015-8779

    Summary: Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

    Published: 4/19/2016 5:59:05 PM

     

    CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

    CVE-2015-8778

    Summary: Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

    Published: 4/19/2016 5:59:04 PM

     

    CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

    CVE-2015-8776

    Summary: The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

    Published: 4/19/2016 5:59:04 PM

     

    CVSS Severity: v3 - 9.1 CRITICAL      v2 - 6.4 MEDIUM

    CVE-2015-7511

    Summary: Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.

    Published: 4/19/2016 5:59:03 PM

     

    CVSS Severity: v3 - 2.0 LOW      v2 - 1.9 LOW

    CVE-2015-1776

    Summary: Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file.

    Published: 4/19/2016 5:59:02 PM

     

    CVSS Severity: v3 - 6.2 MEDIUM      v2 - 2.1 LOW

    CVE-2014-9765

    Summary: Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.

    Published: 4/19/2016 5:59:01 PM

     

    CVSS Severity: v3 - 8.8 HIGH      v2 - 6.8 MEDIUM

    CVE-2014-9761

    Summary: Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

    Published: 4/19/2016 5:59:00 PM

     

    CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

    CVE-2016-4040

    Summary: SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.

    Published: 4/19/2016 10:59:03 AM

     

    CVE-2016-3960

    Summary: Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.

    Published: 4/19/2016 10:59:03 AM

     

    CVSS Severity: v3 - 8.8 HIGH      v2 - 7.2 HIGH

    CVE-2016-3688

    Summary: SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr.

    Published: 4/19/2016 10:59:02 AM

     

    <<< New  Older >>>

     

     

    Trojan 1 | PCI Compliance | HIPAA Compliance | GLBA Compliance | GDPR Compliance | Penetration Testing | Web Application Assessment | Corporate Security Assessment | Cyber Threat Intelligence 24 / 7

     

    Cyber Breach Lawyers | Vulnerability Assessments | CISO On Demand | Black Ops | Secure Cloud | Personal Security Assessments | Small Business IT Security  | NY Cybersecurity Rule 23 NYCRR 500

     

    Ethical Hacking for Small Businesses | IT Compliance Small Business | Security Breach Management Solutions | Big Data Security | Corporate Randsomware

     

    Website Security for Small Businesses | Security Consulting Services | Enterprise Security Services | Drone & Robotic IT Security

     

    Complete IT/Cyber Security Assessment |  Security Governance Services | Security & Risk Management | Digital Forensics

     

    Social Engineering Testing  | Cyber Liability Insurance | Data Centers Transformation & Security | Secure Access and Continuity Solutions

     

    Mobility Management  & Security | Network Management  Security Solutions | EndPoint Security Solutions |  National Vulnerability Database

    2200 PENNSYLVANIA AVENUE | NW | 4TH FLOOR EAST​ | WASHINGTON, D.C. 20037​

    ​​Tel: 202.507.5773 | Fax: 202.507.5601​ |  ContactUs@TrojanHorseSecurity.com

     

    • s-linkedin
    • s-facebook
    • Google Metallic
    • YouTube Metallic
    • Pinterest Metallic
    • s-tbird

    © 2020  TROJAN HORSE SECURITY INC

    • HOME

    • ABOUT US

    • SERVICES

    • CONTACT

    • KNOWLEDGE

    • BUY ONLINE

    • More