2016 VULNERABILITY DATABASE 

 

 

CVE-2016-3973

Summary: The chat feature in the Real-Time Collaboration (RTC) services in SAP NetWeaver Java AS 7.4 allows remote attackers to obtain sensitive user information via unspecified vectors related to WD_CHAT, aka SAP Security Note 2255990.

Published: 4/7/2016 3:59:04 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

 

CVE-2016-2858

Summary: QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.

Published: 4/7/2016 3:59:03 PM

 

CVSS Severity: v3 - 5.9 MEDIUM      v2 - 1.9 LOW

 

CVE-2016-1714

Summary: The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or potentially execute arbitrary code via an invalid current entry value in a firmware configuration.

Published: 4/7/2016 3:59:02 PM

 

CVSS Severity: v3 - 8.1 HIGH      v2 - 6.9 MEDIUM

 

CVE-2016-0734

Summary: The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.

Published: 4/7/2016 3:59:01 PM

 

CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2015-8305

Summary: Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege.

Published: 4/7/2016 3:59:00 PM

 

CVE-2016-3948

Summary: Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.

Published: 4/7/2016 2:59:01 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

 

CVE-2016-3947

Summary: Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.

Published: 4/7/2016 2:59:00 PM

 

CVSS Severity: v3 - 8.2 HIGH      v2 - 7.5 HIGH

 

CVE-2016-1563

Summary: NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 4/7/2016 6:59:02 AM

 

CVSS Severity: v3 - 6.8 MEDIUM      v2 - 5.8 MEDIUM

 

CVE-2016-1019

Summary: Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.

Published: 4/7/2016 6:59:01 AM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

 

CVE-2016-0888

Summary: EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors.

Published: 4/7/2016 6:59:00 AM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 9.0 HIGH

 

CVE-2016-2292

Summary: Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.

Published: 4/6/2016 7:59:18 PM

 

CVSS Severity: v3 - 6.5 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-2291

Summary: Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

Published: 4/6/2016 7:59:17 PM

 

CVSS Severity: v3 - 6.5 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-2290

Summary: Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.

Published: 4/6/2016 7:59:16 PM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 6.8 MEDIUM

 

CVE-2016-2277

Summary: IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file.

Published: 4/6/2016 7:59:15 PM

 

CVSS Severity: v3 - 6.3 MEDIUM      v2 - 6.9 MEDIUM

 

CVE-2016-2272

Summary: Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie.

Published: 4/6/2016 7:59:14 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

 

CVE-2016-1346

Summary: The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.

Published: 4/6/2016 7:59:13 PM

 

CVSS Severity: v3 - 5.9 MEDIUM      v2 - 7.1 HIGH

 

CVE-2016-1313

Summary: Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294.

Published: 4/6/2016 7:59:12 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

 

CVE-2016-1291

Summary: Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.

Published: 4/6/2016 7:59:11 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 9.3 HIGH

 

CVE-2016-1290

Summary: The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.

Published: 4/6/2016 7:59:10 PM

 

CVSS Severity: v3 - 8.1 HIGH      v2 - 5.5 MEDIUM

 

CVE-2016-1174

Summary: Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators.

Published: 4/6/2016 7:59:09 PM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 6.8 MEDIUM

 

 

 

 <<< New  Older >>>