2016 VULNERABILITY DATABASE

 

 

CVE-2016-1395

Summary: The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.

Published: 6/18/2016 9:59:03 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

 

CVE-2016-1224

Summary: CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.

Published: 6/18/2016 9:59:02 PM

 

CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-1223

Summary: Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.

Published: 6/18/2016 9:59:01 PM

 

CVSS Severity: v3 - 5.3 MEDIUM      v2 - 5.0 MEDIUM

 

CVE-2016-1183

Summary: NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname.

Published: 6/18/2016 9:59:00 PM

 

CVE-2016-1432

Summary: Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862.

Published: 6/17/2016 9:59:02 PM

 

CVE-2016-1431

Summary: Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516.

Published: 6/17/2016 9:59:01 PM

 

CVE-2016-1427

Summary: The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.

Published: 6/17/2016 9:59:00 PM

 

CVE-2016-5433

Summary: Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors.

Published: 6/17/2016 11:59:05 AM

 

CVE-2016-5363

Summary: The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic.

Published: 6/17/2016 11:59:04 AM

 

CVE-2016-5362

Summary: The IPTables firewall in OpenStack Neutron 7.0.x through 7.0.4 (Liberty) and 8.0.x through 8.1.0 (Mitaka) allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.

Published: 6/17/2016 11:59:03 AM

 

CVE-2016-3643

Summary: SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."

Published: 6/17/2016 11:59:02 AM

 

CVE-2016-3642

Summary: The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Published: 6/17/2016 11:59:01 AM

 

CVE-2015-8914

Summary: The IPTables firewall in OpenStack Neutron 7.0.x through 7.0.4 (Liberty) and 8.0.x through 8.1.0 (Mitaka) allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.

Published: 6/17/2016 11:59:00 AM

 

CVE-2016-5300

Summary: The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

Published: 6/16/2016 2:59:10 PM

 

CVE-2016-3687

Summary: Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter.

Published: 6/16/2016 2:59:09 PM

 

CVE-2016-3062

Summary: The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

Published: 6/16/2016 2:59:08 PM

 

CVE-2016-2841

Summary: The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.

Published: 6/16/2016 2:59:07 PM

 

CVE-2016-2538

Summary: Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.

Published: 6/16/2016 2:59:06 PM

 

CVSS Severity: v3 - 7.1 HIGH      v2 - 3.6 LOW

 

CVE-2016-2392

Summary: The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.

Published: 6/16/2016 2:59:04 PM

 

CVE-2016-2391

Summary: The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.

Published: 6/16/2016 2:59:03 PM

 

CVE-2012-6702

Summary: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

Published: 6/16/2016 2:59:00 PM

 

CVE-2016-5361

Summary: programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.

Published: 6/16/2016 10:59:51 AM

 

CVE-2016-4171

Summary: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

Published: 6/16/2016 10:59:51 AM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

 

CVE-2016-4167

Summary: Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Published: 6/16/2016 10:59:50 AM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

 

 

<<< New  Older >>>