2016 VULNERABILITY DATABASE

 

 

CVE-2016-3186

Summary: Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.

Published: 4/19/2016 10:59:01 AM

 

CVE-2015-5479

Summary: The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.

Published: 4/19/2016 10:59:00 AM

 

CVE-2016-3972

Summary: Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.

Published: 4/18/2016 11:59:04 AM

 

CVSS Severity: v3 - 2.7 LOW      v2 - 4.0 MEDIUM

 

CVE-2016-3971

Summary: Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the query parameter to c/portal/layout.

Published: 4/18/2016 11:59:03 AM

 

CVSS Severity: v3 - 5.4 MEDIUM      v2 - 3.5 LOW

 

CVE-2016-3943

Summary: Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.

Published: 4/18/2016 11:59:02 AM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 7.2 HIGH

 

CVE-2016-3941

Summary: Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."

Published: 4/18/2016 11:59:01 AM

 

CVSS Severity: v3 - 5.5 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2015-7378

Summary: Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.

Published: 4/18/2016 11:59:00 AM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 7.2 HIGH

 

CVE-2016-4036

Summary: openSUSE and SUSE Linux Enterprise Server 11 SP 1 use weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.

Published: 4/18/2016 10:59:04 AM

 

CVSS Severity: v3 - 5.5 MEDIUM      v2 - 2.1 LOW

 

CVE-2016-3950

Summary: Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets.

Published: 4/18/2016 10:59:03 AM

 

CVSS Severity: v3 - 6.5 MEDIUM      v2 - 6.8 MEDIUM

 

CVE-2016-3071

Summary: Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.

Published: 4/18/2016 10:59:02 AM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

 

CVE-2015-8106

Summary: Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.

Published: 4/18/2016 10:59:01 AM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2015-7552

Summary: Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.

Published: 4/18/2016 10:59:00 AM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1659

Summary: Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: 4/18/2016 6:59:08 AM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

 

CVE-2016-1658

Summary: The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.

Published: 4/18/2016 6:59:07 AM

 

CVSS Severity: v3 - 5.3 MEDIUM      v2 - 5.0 MEDIUM

 

CVE-2016-1657

Summary: The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.

Published: 4/18/2016 6:59:06 AM

 

CVSS Severity: v3 - 4.3 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-1656

Summary: The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.

Published: 4/18/2016 6:59:05 AM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

 

CVE-2016-1655

Summary: Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.

Published: 4/18/2016 6:59:04 AM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

 

CVE-2016-1654

Summary: The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.

Published: 4/18/2016 6:59:03 AM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

 

CVE-2016-1653

Summary: The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc.

Published: 4/18/2016 6:59:02 AM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-1652

Summary: Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

Published: 4/18/2016 6:59:01 AM

 

CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

 

<<< New  Older >>>