2016 VULNERABILITY DATABASE
CVE-2016-1685
Summary: core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
Published: 6/5/2016 7:59:14 PM
CVSS Severity: v3 - 6.5 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-1684
Summary: numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.
Published: 6/5/2016 7:59:13 PM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.1 MEDIUM
CVE-2016-1683
Summary: numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.
Published: 6/5/2016 7:59:12 PM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.1 MEDIUM
CVE-2016-1682
Summary: The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration.
Published: 6/5/2016 7:59:11 PM
CVSS Severity: v3 - 6.1 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-1681
Summary: Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
Published: 6/5/2016 7:59:10 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 6.8 MEDIUM
CVE-2016-1680
Summary: Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors.
Published: 6/5/2016 7:59:08 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 6.8 MEDIUM
CVE-2016-1679
Summary: The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
Published: 6/5/2016 7:59:07 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 6.8 MEDIUM
CVE-2016-1678
Summary: objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
Published: 6/5/2016 7:59:06 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 6.8 MEDIUM
CVE-2016-1677
Summary: uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."
Published: 6/5/2016 7:59:05 PM
CVSS Severity: v3 - 6.5 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-1676
Summary: extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
Published: 6/5/2016 7:59:04 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 6.8 MEDIUM
CVE-2016-1675
Summary: Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.
Published: 6/5/2016 7:59:03 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 6.8 MEDIUM
CVE-2016-1674
Summary: The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
Published: 6/5/2016 7:59:02 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 6.8 MEDIUM
CVE-2016-1673
Summary: Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
Published: 6/5/2016 7:59:01 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 6.8 MEDIUM
CVE-2016-1672
Summary: The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors.
Published: 6/5/2016 7:59:00 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 6.8 MEDIUM
CVE-2016-1230
Summary: Cross-site scripting (XSS) vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 6/4/2016 9:59:04 PM
CVSS Severity: v3 - 6.1 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-1229
Summary: Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Published: 6/4/2016 9:59:03 PM
CVSS Severity: v3 - 5.4 MEDIUM v2 - 3.5 LOW
CVE-2016-1222
Summary: Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
Published: 6/4/2016 9:59:01 PM
CVSS Severity: v3 - 6.1 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-1212
Summary: Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.
Published: 6/4/2016 9:59:00 PM
CVSS Severity: v3 - 2.7 LOW v2 - 4.0 MEDIUM
CVE-2016-4812
Summary: Cross-site scripting (XSS) vulnerability in the Markdown on Save Improved plugin before 2.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 6/4/2016 12:59:03 PM
CVE-2016-4564
Summary: The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Published: 6/4/2016 12:59:02 PM
CVE-2016-4563
Summary: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Published: 6/4/2016 12:59:01 PM
CVE-2016-4562
Summary: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Published: 6/4/2016 12:59:00 PM
CVE-2016-1403
Summary: CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.
Published: 6/4/2016 10:59:01 AM
CVE-2016-1211
Summary: Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 6/4/2016 10:59:00 AM
CVE-2016-1391
Summary: Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889.
Published: 6/3/2016 9:59:03 PM
CVE-2016-1390
Summary: Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892.
Published: 6/3/2016 9:59:02 PM
CVE-2016-0908
Summary: EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.
Published: 6/3/2016 9:59:01 PM
CVE-2016-4804
Summary: The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.
Published: 6/3/2016 10:59:06 AM
CVSS Severity: v3 - 6.2 MEDIUM v2 - 2.1 LOW
CVE-2016-3944
Summary: UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.
Published: 6/3/2016 10:59:05 AM
CVE-2016-3096
Summary: The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.
Published: 6/3/2016 10:59:04 AM
CVE-2016-0376
Summary: The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
Published: 6/3/2016 10:59:02 AM
CVE-2016-0363
Summary: The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
Published: 6/3/2016 10:59:01 AM
CVE-2015-8872
Summary: The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
Published: 6/3/2016 10:59:00 AM
CVSS Severity: v3 - 6.2 MEDIUM v2 - 2.1 LOW
CVE-2016-1388
Summary: Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882.
Published: 6/2/2016 10:01:07 PM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 7.5 HIGH
CVE-2016-1370
Summary: Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324.
Published: 6/2/2016 10:01:06 PM
CVSS Severity: v3 - 5.3 MEDIUM v2 - 5.0 MEDIUM