• HOME

  • ABOUT US

  • SERVICES

  • CONTACT

  • KNOWLEDGE

  • BUY ONLINE

  • More

    CYBER SECURITY ASSESSMENTS // PENETRATION TESTING // DATA SECURITY // IT SECURITY // SECURITY AUDITS // DIGITAL FORENSICS // CYBER INTELLIGENCE

                                        2016 VULNERABILITY DATABASE

     

     

    CVE-2016-3239

    Summary: The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via vectors involving filesystem write operations, aka "Windows Print Spooler Elevation of Privilege Vulnerability."

    Published: 7/12/2016 9:59:02 PM

     

    CVSS Severity: v3 - 7.8 HIGH      v2 - 7.2 HIGH

     

    CVE-2016-3238

    Summary: The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows man-in-the-middle attackers to execute arbitrary code by providing a crafted print driver during printer installation, aka "Windows Print Spooler Remote Code Execution Vulnerability."

    Published: 7/12/2016 9:59:01 PM

     

    CVSS Severity: v3 - 8.1 HIGH      v2 - 9.3 HIGH

     

    CVE-2016-3204

    Summary: The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

    Published: 7/12/2016 9:59:00 PM

     

    CVSS Severity: v3 - 8.8 HIGH      v2 - 9.3 HIGH

     

    CVE-2016-6174

    Summary: applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.

    Published: 7/12/2016 3:59:09 PM

     

    CVSS Severity: v3 - 8.1 HIGH      v2 - 6.8 MEDIUM

     

    CVE-2016-5850

    Summary: Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

    Published: 7/12/2016 3:59:08 PM

     

    CVSS Severity: v3 - 5.4 MEDIUM      v2 - 3.5 LOW

     

    CVE-2016-5774

    Summary: The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters.

    Published: 7/12/2016 3:59:07 PM

     

    CVSS Severity: v3 - 8.1 HIGH      v2 - 4.3 MEDIUM

     

    CVE-2016-5009

    Summary: The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.

    Published: 7/12/2016 3:59:06 PM

     

    CVSS Severity: v3 - 6.5 MEDIUM      v2 - 4.0 MEDIUM

     

    CVE-2016-4994

    Summary: Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.

    Published: 7/12/2016 3:59:05 PM

     

    CVSS Severity: v3 - 7.8 HIGH      v2 - 6.8 MEDIUM

     

    CVE-2016-4985

    Summary: The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.

    Published: 7/12/2016 3:59:04 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-4428

    Summary: Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

    Published: 7/12/2016 3:59:03 PM

     

    CVSS Severity: v3 - 5.4 MEDIUM      v2 - 3.5 LOW

     

    CVE-2016-2219

    Summary: Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

    Published: 7/12/2016 3:59:02 PM

     

    CVSS Severity: v3 - 5.4 MEDIUM      v2 - 3.5 LOW

     

    CVE-2015-3192

    Summary: Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

    Published: 7/12/2016 3:59:00 PM

     

    CVSS Severity: v3 - 5.5 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2016-5781

    Summary: Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file.

    Published: 7/11/2016 10:00:13 PM

     

    CVE-2016-5308

    Summary: The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file.

    Published: 7/11/2016 10:00:12 PM

     

    CVE-2016-4831

    Summary: Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 and earlier on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

    Published: 7/11/2016 10:00:11 PM

     

    CVE-2016-4533

    Summary: Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file.

    Published: 7/11/2016 10:00:10 PM

     

    CVE-2016-4503

    Summary: Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.

    Published: 7/11/2016 10:00:09 PM

     

    CVE-2016-2206

    Summary: The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file.

    Published: 7/11/2016 10:00:06 PM

     

    CVE-2016-2205

    Summary: Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors.

    Published: 7/11/2016 10:00:05 PM

     

    CVE-2016-1445

    Summary: Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes.

    Published: 7/11/2016 9:59:45 PM

     

    CVE-2016-3818

    Summary: libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702.

    Published: 7/10/2016 10:00:40 PM

     

    CVE-2016-3816

    Summary: The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28402240.

    Published: 7/10/2016 10:00:39 PM

     

    CVE-2016-3815

    Summary: The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28522274.

    Published: 7/10/2016 10:00:38 PM

     

    CVE-2016-3814

    Summary: The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342.

    Published: 7/10/2016 10:00:37 PM

     

    CVE-2016-3813

    Summary: The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28172322 and Qualcomm internal bug CR1010222.

    Published: 7/10/2016 10:00:36 PM

     

    CVE-2016-3812

    Summary: The MediaTek video codec driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28174833 and MediaTek internal bug ALPS02688832.

    Published: 7/10/2016 10:00:35 PM

     

    CVE-2016-3811

    Summary: The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556.

    Published: 7/10/2016 10:00:34 PM

     

    CVE-2016-3810

    Summary: The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28175522 and MediaTek internal bug ALPS02694389.

    Published: 7/10/2016 10:00:34 PM

     

    CVE-2016-3809

    Summary: The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 27532522.

    Published: 7/10/2016 10:00:33 PM

     

    CVE-2016-3808

    Summary: The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009.

    Published: 7/10/2016 10:00:32 PM

     

    CVE-2016-3807

    Summary: The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196.

    Published: 7/10/2016 10:00:31 PM

     

    CVE-2016-3806

    Summary: The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal bug ALPS02715341.

    Published: 7/10/2016 10:00:30 PM

     

     

    <<< New  Older >>>

    Trojan 1 | PCI Compliance | HIPAA Compliance | GLBA Compliance | GDPR Compliance | Penetration Testing | Web Application Assessment | Corporate Security Assessment | Cyber Threat Intelligence 24 / 7

     

    Cyber Breach Lawyers | Vulnerability Assessments | CISO On Demand | Black Ops | Secure Cloud | Personal Security Assessments | Small Business IT Security  | NY Cybersecurity Rule 23 NYCRR 500

     

    Ethical Hacking for Small Businesses | IT Compliance Small Business | Security Breach Management Solutions | Big Data Security | Corporate Randsomware

     

    Website Security for Small Businesses | Security Consulting Services | Enterprise Security Services | Drone & Robotic IT Security

     

    Complete IT/Cyber Security Assessment |  Security Governance Services | Security & Risk Management | Digital Forensics

     

    Social Engineering Testing  | Cyber Liability Insurance | Data Centers Transformation & Security | Secure Access and Continuity Solutions

     

    Mobility Management  & Security | Network Management  Security Solutions | EndPoint Security Solutions |  National Vulnerability Database

    2200 PENNSYLVANIA AVENUE | NW | 4TH FLOOR EAST​ | WASHINGTON, D.C. 20037​

    ​​Tel: 202.507.5773 | Fax: 202.507.5601​ |  ContactUs@TrojanHorseSecurity.com

     

    • s-linkedin
    • s-facebook
    • Google Metallic
    • YouTube Metallic
    • Pinterest Metallic
    • s-tbird

    © 2020  TROJAN HORSE SECURITY INC

    • HOME

    • ABOUT US

    • SERVICES

    • CONTACT

    • KNOWLEDGE

    • BUY ONLINE

    • More