
                                       2016 VULNERABILITY DATABASE 

     

     

    CVE-2016-3973

    Summary: The chat feature in the Real-Time Collaboration (RTC) services in SAP NetWeaver Java AS 7.4 allows remote attackers to obtain sensitive user information via unspecified vectors related to WD_CHAT, aka SAP Security Note 2255990.

    Published: 4/7/2016 3:59:04 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-2858

    Summary: QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.

    Published: 4/7/2016 3:59:03 PM

     

    CVSS Severity: v3 - 5.9 MEDIUM      v2 - 1.9 LOW

     

    CVE-2016-1714

    Summary: The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or potentially execute arbitrary code via an invalid current entry value in a firmware configuration.

    Published: 4/7/2016 3:59:02 PM

     

    CVSS Severity: v3 - 8.1 HIGH      v2 - 6.9 MEDIUM

     

    CVE-2016-0734

    Summary: The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.

    Published: 4/7/2016 3:59:01 PM

     

    CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2015-8305

    Summary: Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege.

    Published: 4/7/2016 3:59:00 PM

     

    CVE-2016-3948

    Summary: Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.

    Published: 4/7/2016 2:59:01 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-3947

    Summary: Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.

    Published: 4/7/2016 2:59:00 PM

     

    CVSS Severity: v3 - 8.2 HIGH      v2 - 7.5 HIGH

     

    CVE-2016-1563

    Summary: NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

    Published: 4/7/2016 6:59:02 AM

     

    CVSS Severity: v3 - 6.8 MEDIUM      v2 - 5.8 MEDIUM

     

    CVE-2016-1019

    Summary: Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.

    Published: 4/7/2016 6:59:01 AM

     

    CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

     

    CVE-2016-0888

    Summary: EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors.

    Published: 4/7/2016 6:59:00 AM

     

    CVSS Severity: v3 - 8.8 HIGH      v2 - 9.0 HIGH

     

    CVE-2016-2292

    Summary: Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.

    Published: 4/6/2016 7:59:18 PM

     

    CVSS Severity: v3 - 6.5 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2016-2291

    Summary: Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

    Published: 4/6/2016 7:59:17 PM

     

    CVSS Severity: v3 - 6.5 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2016-2290

    Summary: Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.

    Published: 4/6/2016 7:59:16 PM

     

    CVSS Severity: v3 - 8.8 HIGH      v2 - 6.8 MEDIUM

     

    CVE-2016-2277

    Summary: IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file.

    Published: 4/6/2016 7:59:15 PM

     

    CVSS Severity: v3 - 6.3 MEDIUM      v2 - 6.9 MEDIUM

     

    CVE-2016-2272

    Summary: Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie.

    Published: 4/6/2016 7:59:14 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-1346

    Summary: The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.

    Published: 4/6/2016 7:59:13 PM

     

    CVSS Severity: v3 - 5.9 MEDIUM      v2 - 7.1 HIGH

     

    CVE-2016-1313

    Summary: Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294.

    Published: 4/6/2016 7:59:12 PM

     

    CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

     

    CVE-2016-1291

    Summary: Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.

    Published: 4/6/2016 7:59:11 PM

     

    CVSS Severity: v3 - 9.8 CRITICAL      v2 - 9.3 HIGH

     

    CVE-2016-1290

    Summary: The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.

    Published: 4/6/2016 7:59:10 PM

     

    CVSS Severity: v3 - 8.1 HIGH      v2 - 5.5 MEDIUM

     

    CVE-2016-1174

    Summary: Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators.

    Published: 4/6/2016 7:59:09 PM

     

    CVSS Severity: v3 - 8.8 HIGH      v2 - 6.8 MEDIUM

     

     

     


    © 2020  TROJAN HORSE SECURITY INC
