2016 VULNERABILITY DATABASE
CVE-2016-2786
Summary: The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate.
Published: 6/10/2016 11:59:01 AM
CVE-2016-2785
Summary: Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
Published: 6/10/2016 11:59:00 AM
CVE-2016-4527
Summary: ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors.
Published: 6/9/2016 9:59:14 PM
CVE-2016-4524
Summary: ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors.
Published: 6/9/2016 9:59:13 PM
CVE-2016-4516
Summary: ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors.
Published: 6/9/2016 9:59:12 PM
CVE-2016-4511
Summary: ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file.
Published: 6/9/2016 9:59:11 PM
CVE-2016-4495
Summary: KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors.
Published: 6/9/2016 9:59:10 PM
CVSS Severity: v3 - 5.3 MEDIUM v2 - 5.0 MEDIUM
CVE-2016-4494
Summary: Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file.
Published: 6/9/2016 9:59:08 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 6.8 MEDIUM
CVE-2016-4328
Summary: MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server.
Published: 6/9/2016 9:59:07 PM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 10.0 HIGH
CVE-2016-4326
Summary: The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie.
Published: 6/9/2016 9:59:06 PM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 7.5 HIGH
CVE-2016-1421
Summary: The web application on Cisco IP 8800 devices allows remote attackers to cause a denial of service (out-of-bounds memory access and web-server outage) via a crafted request, aka Bug ID CSCuz03034.
Published: 6/9/2016 9:59:06 PM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-1420
Summary: The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.
Published: 6/9/2016 9:59:05 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 7.2 HIGH
CVE-2016-1419
Summary: Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803.
Published: 6/9/2016 9:59:04 PM
CVSS Severity: v3 - 8.1 HIGH v2 - 6.8 MEDIUM
CVE-2016-0916
Summary: EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.
Published: 6/9/2016 9:59:02 PM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 10.0 HIGH
CVE-2016-0910
Summary: EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors.
Published: 6/9/2016 9:59:01 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 4.3 MEDIUM
CVE-2015-8268
Summary: The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.
Published: 6/9/2016 9:59:00 PM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-4449
Summary: XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Published: 6/9/2016 12:59:07 PM
CVE-2016-4448
Summary: Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
Published: 6/9/2016 12:59:06 PM
CVE-2016-4447
Summary: The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
Published: 6/9/2016 12:59:05 PM
CVE-2016-2150
Summary: SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.
Published: 6/9/2016 12:59:04 PM
CVE-2016-1582
Summary: LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world-readable paths in the container directory via unspecified vectors.
Published: 6/9/2016 12:59:03 PM
CVE-2016-1581
Summary: LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop-based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.
Published: 6/9/2016 12:59:01 PM
CVE-2016-0749
Summary: The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
Published: 6/9/2016 12:59:00 PM
CVE-2016-4532
Summary: Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.
Published: 6/9/2016 6:59:05 AM
CVE-2016-4523
Summary: The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.
Published: 6/9/2016 6:59:04 AM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-4510
Summary: The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors.
Published: 6/9/2016 6:59:03 AM
CVE-2016-4370
Summary: HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors.
Published: 6/9/2016 6:59:01 AM
CVE-2016-2310
Summary: General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.
Published: 6/9/2016 6:59:00 AM
CVE-2016-3738
Summary: Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.
Published: 6/8/2016 1:59:07 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 6.5 MEDIUM
CVE-2016-3711
Summary: HAProxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
Published: 6/8/2016 1:59:06 PM
CVSS Severity: v3 - 3.3 LOW v2 - 2.1 LOW
CVE-2016-3708
Summary: Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.
Published: 6/8/2016 1:59:05 PM
CVSS Severity: v3 - 7.1 HIGH v2 - 5.5 MEDIUM
CVE-2016-3703
Summary: Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.
Published: 6/8/2016 1:59:04 PM
CVSS Severity: v3 - 5.3 MEDIUM v2 - 3.5 LOW
CVE-2016-2160
Summary: Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an STI builder image.
Published: 6/8/2016 1:59:03 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 9.0 HIGH
CVE-2016-2149
Summary: Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.
Published: 6/8/2016 1:59:01 PM
CVSS Severity: v3 - 6.5 MEDIUM v2 - 4.0 MEDIUM
CVE-2016-2142
Summary: Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.
Published: 6/8/2016 1:59:00 PM
CVSS Severity: v3 - 5.5 MEDIUM v2 - 2.1 LOW
CVE-2016-5108
Summary: Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.
Published: 6/8/2016 11:00:04 AM