2016 NATIONAL VULNERABILITY DATABASE
CVE-2016-6145
Summary: The SQL interface in SAP HANA provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869.
Published: 8/5/2016 10:59:17 AM
CVE-2016-6144
Summary: The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869.
Published: 8/5/2016 10:59:15 AM
CVSS Severity: v3 - 8.1 HIGH v2 - 4.3 MEDIUM
CVE-2016-6140
Summary: SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591.
Published: 8/5/2016 10:59:13 AM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 7.6 HIGH
CVE-2016-6139
Summary: SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
Published: 8/5/2016 10:59:12 AM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 7.6 HIGH
CVE-2016-6138
Summary: Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
Published: 8/5/2016 10:59:11 AM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 10.0 HIGH
CVE-2016-5000
Summary: The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Published: 8/5/2016 10:59:10 AM
CVSS Severity: v3 - 5.5 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-3640
Summary: The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.
Published: 8/5/2016 10:59:07 AM
CVE-2016-3196
Summary: Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.2.6 and FortiManager 5.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
Published: 8/5/2016 10:59:06 AM
CVSS Severity: v3 - 5.4 MEDIUM v2 - 3.5 LOW
CVE-2016-3097
Summary: Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.
Published: 8/5/2016 10:59:05 AM
CVSS Severity: v3 - 6.1 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-3080
Summary: Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.
Published: 8/5/2016 10:59:02 AM
CVSS Severity: v3 - 6.1 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-1513
Summary: The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.
Published: 8/5/2016 10:59:00 AM
CVSS Severity: v3 - 7.8 HIGH v2 - 6.8 MEDIUM
CVE-2016-5268
Summary: Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring.
Published: 8/4/2016 9:59:24 PM
CVE-2016-5267
Summary: Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.
Published: 8/4/2016 9:59:23 PM
CVE-2016-5266
Summary: Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.
Published: 8/4/2016 9:59:22 PM
CVE-2016-5265
Summary: Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.
Published: 8/4/2016 9:59:21 PM
CVE-2016-5264
Summary: Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.
Published: 8/4/2016 9:59:20 PM
CVE-2016-5263
Summary: The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."
Published: 8/4/2016 9:59:19 PM
CVE-2016-5262
Summary: Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
Published: 8/4/2016 9:59:18 PM
CVE-2016-5261
Summary: Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.
Published: 8/4/2016 9:59:17 PM
CVE-2016-5260
Summary: Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.
Published: 8/4/2016 9:59:16 PM
CVE-2016-5259
Summary: Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.
Published: 8/4/2016 9:59:15 PM
CVE-2016-5258
Summary: Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.
Published: 8/4/2016 9:59:14 PM
CVE-2016-5255
Summary: Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.
Published: 8/4/2016 9:59:13 PM
CVE-2016-5254
Summary: Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.
Published: 8/4/2016 9:59:12 PM
CVE-2016-5253
Summary: The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.
Published: 8/4/2016 9:59:10 PM
CVE-2016-5252
Summary: Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.
Published: 8/4/2016 9:59:09 PM
CVE-2016-5251
Summary: Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.
Published: 8/4/2016 9:59:08 PM
CVE-2016-5250
Summary: Mozilla Firefox before 48.0 allows remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
Published: 8/4/2016 9:59:07 PM
CVE-2016-2839
Summary: Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.
Published: 8/4/2016 9:59:06 PM
CVE-2016-2838
Summary: Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.
Published: 8/4/2016 9:59:04 PM
CVE-2016-2837
Summary: Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.
Published: 8/4/2016 9:59:03 PM