2016 VULNERABILITY DATABASE
CVE-2016-0277
Summary: Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301.
Published: 6/26/2016 10:59:02 AM
CVSS Severity: v3 - 7.8 HIGH v2 - 6.8 MEDIUM
CVE-2016-0259
Summary: runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.
Published: 6/26/2016 10:59:01 AM
CVSS Severity: v3 - 2.5 LOW v2 - 2.1 LOW
CVE-2015-7473
Summary: runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.
Published: 6/26/2016 10:59:00 AM
CVSS Severity: v3 - 2.5 LOW v2 - 2.1 LOW
CVE-2016-5087
Summary: Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations.
Published: 6/25/2016 9:59:04 PM
CVE-2016-4513
Summary: Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 6/25/2016 9:59:03 PM
CVE-2016-2901
Summary: Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Published: 6/25/2016 9:59:02 PM
CVE-2015-7988
Summary: The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.
Published: 6/25/2016 9:59:01 PM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 7.5 HIGH
CVE-2015-7987
Summary: Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.
Published: 6/25/2016 9:59:00 PM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 6.8 MEDIUM
CVE-2016-4828
Summary: The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.
Published: 6/25/2016 5:59:10 PM
CVSS Severity: v3 - 6.5 MEDIUM v2 - 6.4 MEDIUM
CVE-2016-4827
Summary: Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.
Published: 6/25/2016 5:59:09 PM
CVSS Severity: v3 - 6.1 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-4826
Summary: Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.
Published: 6/25/2016 5:59:08 PM
CVSS Severity: v3 - 6.1 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-4825
Summary: The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.
Published: 6/25/2016 5:59:07 PM
CVSS Severity: v3 - 5.6 MEDIUM v2 - 6.8 MEDIUM
CVE-2016-4824
Summary: The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack.
Published: 6/25/2016 5:59:06 PM
CVSS Severity: v3 - 5.3 MEDIUM v2 - 5.0 MEDIUM
CVE-2016-4823
Summary: Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors.
Published: 6/25/2016 5:59:05 PM
CVSS Severity: v3 - 7.5 HIGH v2 - 7.8 HIGH
CVE-2016-4822
Summary: Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors.
Published: 6/25/2016 5:59:04 PM
CVSS Severity: v3 - 8.0 HIGH v2 - 5.2 MEDIUM
CVE-2016-1193
Summary: Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
Published: 6/25/2016 5:59:03 PM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-1190
Summary: Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.
Published: 6/25/2016 5:59:02 PM
CVSS Severity: v3 - 6.5 MEDIUM v2 - 4.0 MEDIUM
CVE-2016-1189
Summary: Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
Published: 6/25/2016 5:59:01 PM
CVSS Severity: v3 - 8.1 HIGH v2 - 5.5 MEDIUM
CVE-2016-1188
Summary: Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.
Published: 6/25/2016 5:59:00 PM
CVSS Severity: v3 - 6.5 MEDIUM v2 - 4.0 MEDIUM
CVE-2016-4528
Summary: Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.
Published: 6/24/2016 9:59:02 PM
CVSS Severity: v3 - 5.0 MEDIUM v2 - 4.3 MEDIUM