• HOME

  • ABOUT US

  • SERVICES

  • CONTACT

  • KNOWLEDGE

  • BUY ONLINE

  • More

    CYBER SECURITY ASSESSMENTS // PENETRATION TESTING // DATA SECURITY // IT SECURITY // SECURITY AUDITS // DIGITAL FORENSICS // CYBER INTELLIGENCE

                                        2016 VULNERABILITY DATABASE

     

     

    CVE-2016-5367

    Summary: Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053.

    Published: 6/14/2016 10:59:06 AM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-5366

    Summary: Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052.

    Published: 6/14/2016 10:59:04 AM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-5365

    Summary: Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051.

    Published: 6/14/2016 10:59:03 AM

     

    CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

     

    CVE-2016-5338

    Summary: The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.

    Published: 6/14/2016 10:59:02 AM

     

    CVSS Severity: v3 - 7.8 HIGH      v2 - 4.6 MEDIUM

     

    CVE-2016-5337

    Summary: The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.

    Published: 6/14/2016 10:59:01 AM

     

    CVSS Severity: v3 - 5.5 MEDIUM      v2 - 2.1 LOW

     

    CVE-2016-5238

    Summary: The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.

    Published: 6/14/2016 10:59:00 AM

     

    CVSS Severity: v3 - 5.5 MEDIUM      v2 - 2.1 LOW

     

    CVE-2016-4579

    Summary: Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."

    Published: 6/13/2016 3:59:10 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-4574

    Summary: Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.

    Published: 6/13/2016 3:59:09 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-4478

    Summary: Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.

    Published: 6/13/2016 3:59:09 PM

     

    CVE-2016-4414

    Summary: The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

    Published: 6/13/2016 3:59:08 PM

     

    CVE-2016-4356

    Summary: The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.

    Published: 6/13/2016 3:59:06 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-4355

    Summary: Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

    Published: 6/13/2016 3:59:05 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-4354

    Summary: ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

    Published: 6/13/2016 3:59:04 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-4353

    Summary: ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.

    Published: 6/13/2016 3:59:03 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-3698

    Summary: libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.

    Published: 6/13/2016 3:59:02 PM

     

    CVSS Severity: v3 - 8.1 HIGH      v2 - 6.8 MEDIUM

     

    CVE-2015-8869

    Summary: OCamel before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.

    Published: 6/13/2016 3:59:01 PM

     

    CVE-2014-9773

    Summary: modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.

    Published: 6/13/2016 3:59:00 PM

     

    CVE-2016-5302

    Summary: Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.

    Published: 6/13/2016 10:59:10 AM

     

    CVE-2016-5234

    Summary: Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a crafted packet, aka HWPSIRT-2016-05054.

    Published: 6/13/2016 10:59:09 AM

     

    CVSS Severity: v3 - 8.1 HIGH      v2 - 9.3 HIGH

     

    CVE-2016-5104

    Summary: The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.

    Published: 6/13/2016 10:59:08 AM

     

    CVE-2016-4911

    Summary: The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.

    Published: 6/13/2016 10:59:07 AM

     

    CVE-2016-4005

    Summary: The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.

    Published: 6/13/2016 10:59:06 AM

     

    CVE-2016-3677

    Summary: The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.

    Published: 6/13/2016 10:59:05 AM

     

    CVSS Severity: v3 - 6.5 MEDIUM      v2 - 6.8 MEDIUM

     

    CVE-2016-3670

    Summary: Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field.

    Published: 6/13/2016 10:59:03 AM

     

    CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2016-2174

    Summary: SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.

    Published: 6/13/2016 10:59:02 AM

     

    CVSS Severity: v3 - 7.2 HIGH      v2 - 6.5 MEDIUM

     

    CVE-2016-1543

    Summary: The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.

    Published: 6/13/2016 10:59:01 AM

     

     

    <<< New  Older >>>

    Trojan 1 | PCI Compliance | HIPAA Compliance | GLBA Compliance | GDPR Compliance | Penetration Testing | Web Application Assessment | Corporate Security Assessment | Cyber Threat Intelligence 24 / 7

     

    Cyber Breach Lawyers | Vulnerability Assessments | CISO On Demand | Black Ops | Secure Cloud | Personal Security Assessments | Small Business IT Security  | NY Cybersecurity Rule 23 NYCRR 500

     

    Ethical Hacking for Small Businesses | IT Compliance Small Business | Security Breach Management Solutions | Big Data Security | Corporate Randsomware

     

    Website Security for Small Businesses | Security Consulting Services | Enterprise Security Services | Drone & Robotic IT Security

     

    Complete IT/Cyber Security Assessment |  Security Governance Services | Security & Risk Management | Digital Forensics

     

    Social Engineering Testing  | Cyber Liability Insurance | Data Centers Transformation & Security | Secure Access and Continuity Solutions

     

    Mobility Management  & Security | Network Management  Security Solutions | EndPoint Security Solutions |  National Vulnerability Database

    2200 PENNSYLVANIA AVENUE | NW | 4TH FLOOR EAST​ | WASHINGTON, D.C. 20037​

    ​​Tel: 202.507.5773 | Fax: 202.507.5601​ |  ContactUs@TrojanHorseSecurity.com

     

    • s-linkedin
    • s-facebook
    • Google Metallic
    • YouTube Metallic
    • Pinterest Metallic
    • s-tbird

    © 2020  TROJAN HORSE SECURITY INC

    • HOME

    • ABOUT US

    • SERVICES

    • CONTACT

    • KNOWLEDGE

    • BUY ONLINE

    • More