2016 VULNERABILITY DATABASE

CVE-2016-0277

Summary: Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301.

Published: 6/26/2016 10:59:02 AM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 6.8 MEDIUM

 

CVE-2016-0259

Summary: runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.

Published: 6/26/2016 10:59:01 AM

 

CVSS Severity: v3 - 2.5 LOW      v2 - 2.1 LOW

 

CVE-2015-7473

Summary: runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.

Published: 6/26/2016 10:59:00 AM

 

CVSS Severity: v3 - 2.5 LOW      v2 - 2.1 LOW

 

CVE-2016-5087

Summary: Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations.

Published: 6/25/2016 9:59:04 PM

 

CVE-2016-4513

Summary: Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: 6/25/2016 9:59:03 PM

 

CVE-2016-2901

Summary: Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Published: 6/25/2016 9:59:02 PM

 

CVE-2015-7988

Summary: The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.

Published: 6/25/2016 9:59:01 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

 

CVE-2015-7987

Summary: Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.

Published: 6/25/2016 9:59:00 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 6.8 MEDIUM

 

CVE-2016-4828

Summary: The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.

Published: 6/25/2016 5:59:10 PM

 

CVSS Severity: v3 - 6.5 MEDIUM      v2 - 6.4 MEDIUM

 

CVE-2016-4827

Summary: Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.

Published: 6/25/2016 5:59:09 PM

 

CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-4826

Summary: Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.

Published: 6/25/2016 5:59:08 PM

 

CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-4825

Summary: The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.

Published: 6/25/2016 5:59:07 PM

 

CVSS Severity: v3 - 5.6 MEDIUM      v2 - 6.8 MEDIUM

 

CVE-2016-4824

Summary: The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack.

Published: 6/25/2016 5:59:06 PM

 

CVSS Severity: v3 - 5.3 MEDIUM      v2 - 5.0 MEDIUM

 

CVE-2016-4823

Summary: Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors.

Published: 6/25/2016 5:59:05 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 7.8 HIGH

 

CVE-2016-4822

Summary: Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors.

Published: 6/25/2016 5:59:04 PM

 

CVSS Severity: v3 - 8.0 HIGH      v2 - 5.2 MEDIUM

 

CVE-2016-1193

Summary: Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.

Published: 6/25/2016 5:59:03 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

 

CVE-2016-1190

Summary: Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.

Published: 6/25/2016 5:59:02 PM

 

CVSS Severity: v3 - 6.5 MEDIUM      v2 - 4.0 MEDIUM

 

CVE-2016-1189

Summary: Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.

Published: 6/25/2016 5:59:01 PM

 

CVSS Severity: v3 - 8.1 HIGH      v2 - 5.5 MEDIUM

 

CVE-2016-1188

Summary: Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.

Published: 6/25/2016 5:59:00 PM

 

CVSS Severity: v3 - 6.5 MEDIUM      v2 - 4.0 MEDIUM

 

CVE-2016-4528

Summary: Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.

Published: 6/24/2016 9:59:02 PM

 

CVSS Severity: v3 - 5.0 MEDIUM      v2 - 4.3 MEDIUM

 
