2016 VULNERABILITY DATABASE

 

 

 

CVE-2016-4342

Summary: ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.

Published: 5/21/2016 9:59:16 PM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 8.3 HIGH

 

CVE-2016-2222

Summary: The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address.

Published: 5/21/2016 9:59:15 PM

 

CVSS Severity: v3 - 8.6 HIGH      v2 - 5.0 MEDIUM

 

CVE-2016-2221

Summary: Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL.

Published: 5/21/2016 9:59:14 PM

 

CVSS Severity: v3 - 7.4 HIGH      v2 - 5.8 MEDIUM

 

CVE-2016-1564

Summary: Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.

Published: 5/21/2016 9:59:13 PM

 

CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2015-8880

Summary: Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error.

Published: 5/21/2016 9:59:12 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

 

CVE-2015-8879

Summary: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.

Published: 5/21/2016 9:59:11 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

 

CVE-2015-8878

Summary: main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.

Published: 5/21/2016 9:59:10 PM

 

CVSS Severity: v3 - 5.9 MEDIUM      v2 - 7.1 HIGH

 

CVE-2015-8877

Summary: The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.

Published: 5/21/2016 9:59:09 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

 

CVE-2015-8876

Summary: Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.

Published: 5/21/2016 9:59:07 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

 

CVE-2015-8867

Summary: The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

Published: 5/21/2016 9:59:06 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

 

CVE-2015-8866

Summary: ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.

Published: 5/21/2016 9:59:05 PM

 

CVSS Severity: v3 - 9.6 CRITICAL      v2 - 6.8 MEDIUM

 

CVE-2015-8834

Summary: Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3440.

Published: 5/21/2016 9:59:04 PM

 

CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2015-7989

Summary: Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.

Published: 5/21/2016 9:59:03 PM

 

CVSS Severity: v3 - 5.4 MEDIUM      v2 - 3.5 LOW

 

CVE-2015-5715

Summary: The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.

Published: 5/21/2016 9:59:02 PM

 

CVSS Severity: v3 - 4.3 MEDIUM      v2 - 4.0 MEDIUM

 

CVE-2015-5714

Summary: Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.

Published: 5/21/2016 9:59:01 PM

 

CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2014-9767

Summary: Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.

Published: 5/21/2016 9:59:00 PM

 

CVSS Severity: v3 - 4.3 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-1402

Summary: The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815.

Published: 5/20/2016 9:59:01 PM

 

CVE-2016-1401

Summary: Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250.

Published: 5/20/2016 9:59:00 PM

 

CVE-2016-4441

Summary: The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.

Published: 5/20/2016 10:59:08 AM

 

CVE-2016-4439

Summary: The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.

Published: 5/20/2016 10:59:07 AM

 

CVE-2016-4348

Summary: The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

Published: 5/20/2016 10:59:06 AM

 

CVE-2016-3739

Summary: The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.

Published: 5/20/2016 10:59:05 AM

 

CVE-2016-3728

Summary: Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.

Published: 5/20/2016 10:59:04 AM

 

CVE-2016-3693

Summary: The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.

Published: 5/20/2016 10:59:03 AM

 

CVE-2016-2100

Summary: Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.

Published: 5/20/2016 10:59:02 AM

 

CVE-2015-7558

Summary: librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.

Published: 5/20/2016 10:59:01 AM

 

CVE-2015-7557

Summary: The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.

Published: 5/20/2016 10:59:00 AM

 

CVE-2016-4073

Summary: Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.

Published: 5/20/2016 7:00:18 AM

 

CVE-2016-4072

Summary: The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.

Published: 5/20/2016 7:00:16 AM

 

CVE-2016-4071

Summary: Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.

Published: 5/20/2016 7:00:15 AM

 

CVE-2016-4070

Summary: ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)."

Published: 5/20/2016 7:00:14 AM

 

CVE-2016-1859

Summary: The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Published: 5/20/2016 7:00:13 AM

 

CVE-2016-1858

Summary: WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.

Published: 5/20/2016 7:00:12 AM

 

CVE-2016-1857

Summary: WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.

Published: 5/20/2016 7:00:11 AM

 

CVE-2016-1856

Summary: WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857.

Published: 5/20/2016 7:00:10 AM

 

CVE-2016-1855

Summary: WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857.

Published: 5/20/2016 7:00:08 AM

 

CVE-2016-1854

Summary: WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.

Published: 5/20/2016 7:00:08 AM

 

CVE-2016-1853

Summary: Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.

Published: 5/20/2016 7:00:06 AM

 

CVE-2016-1852

Summary: Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.

Published: 5/20/2016 7:00:05 AM

 

CVE-2016-1851

Summary: The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.

Published: 5/20/2016 7:00:04 AM

 

CVE-2016-1850

Summary: SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.

Published: 5/20/2016 7:00:03 AM

 

CVE-2016-1849

Summary: The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.

Published: 5/20/2016 7:00:02 AM

 

CVE-2016-1848

Summary: QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.

Published: 5/20/2016 7:00:01 AM

 

CVE-2016-1847

Summary: OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Published: 5/20/2016 7:00:00 AM

 

CVE-2016-1846

Summary: The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: 5/20/2016 6:59:59 AM

 

CVE-2016-1844

Summary: The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors.

Published: 5/20/2016 6:59:58 AM

 

CVE-2016-1843

Summary: The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.

Published: 5/20/2016 6:59:57 AM

 

 

<<< New  Older >>>