2016 VULNERABILITY DATABASE

 

 

CVE-2016-3239

Summary: The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via vectors involving filesystem write operations, aka "Windows Print Spooler Elevation of Privilege Vulnerability."

Published: 7/12/2016 9:59:02 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 7.2 HIGH

 

CVE-2016-3238

Summary: The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows man-in-the-middle attackers to execute arbitrary code by providing a crafted print driver during printer installation, aka "Windows Print Spooler Remote Code Execution Vulnerability."

Published: 7/12/2016 9:59:01 PM

 

CVSS Severity: v3 - 8.1 HIGH      v2 - 9.3 HIGH

 

CVE-2016-3204

Summary: The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

Published: 7/12/2016 9:59:00 PM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-6174

Summary: applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.

Published: 7/12/2016 3:59:09 PM

 

CVSS Severity: v3 - 8.1 HIGH      v2 - 6.8 MEDIUM

 

CVE-2016-5850

Summary: Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published: 7/12/2016 3:59:08 PM

 

CVSS Severity: v3 - 5.4 MEDIUM      v2 - 3.5 LOW

 

CVE-2016-5774

Summary: The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters.

Published: 7/12/2016 3:59:07 PM

 

CVSS Severity: v3 - 8.1 HIGH      v2 - 4.3 MEDIUM

 

CVE-2016-5009

Summary: The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.

Published: 7/12/2016 3:59:06 PM

 

CVSS Severity: v3 - 6.5 MEDIUM      v2 - 4.0 MEDIUM

 

CVE-2016-4994

Summary: Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.

Published: 7/12/2016 3:59:05 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 6.8 MEDIUM

 

CVE-2016-4985

Summary: The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.

Published: 7/12/2016 3:59:04 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

 

CVE-2016-4428

Summary: Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

Published: 7/12/2016 3:59:03 PM

 

CVSS Severity: v3 - 5.4 MEDIUM      v2 - 3.5 LOW

 

CVE-2016-2219

Summary: Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published: 7/12/2016 3:59:02 PM

 

CVSS Severity: v3 - 5.4 MEDIUM      v2 - 3.5 LOW

 

CVE-2015-3192

Summary: Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

Published: 7/12/2016 3:59:00 PM

 

CVSS Severity: v3 - 5.5 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-5781

Summary: Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file.

Published: 7/11/2016 10:00:13 PM

 

CVE-2016-5308

Summary: The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file.

Published: 7/11/2016 10:00:12 PM

 

CVE-2016-4831

Summary: Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 and earlier on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

Published: 7/11/2016 10:00:11 PM

 

CVE-2016-4533

Summary: Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file.

Published: 7/11/2016 10:00:10 PM

 

CVE-2016-4503

Summary: Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.

Published: 7/11/2016 10:00:09 PM

 

CVE-2016-2206

Summary: The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file.

Published: 7/11/2016 10:00:06 PM

 

CVE-2016-2205

Summary: Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors.

Published: 7/11/2016 10:00:05 PM

 

CVE-2016-1445

Summary: Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes.

Published: 7/11/2016 9:59:45 PM

 

CVE-2016-3818

Summary: libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702.

Published: 7/10/2016 10:00:40 PM

 

CVE-2016-3816

Summary: The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28402240.

Published: 7/10/2016 10:00:39 PM

 

CVE-2016-3815

Summary: The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28522274.

Published: 7/10/2016 10:00:38 PM

 

CVE-2016-3814

Summary: The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342.

Published: 7/10/2016 10:00:37 PM

 

CVE-2016-3813

Summary: The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28172322 and Qualcomm internal bug CR1010222.

Published: 7/10/2016 10:00:36 PM

 

CVE-2016-3812

Summary: The MediaTek video codec driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28174833 and MediaTek internal bug ALPS02688832.

Published: 7/10/2016 10:00:35 PM

 

CVE-2016-3811

Summary: The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556.

Published: 7/10/2016 10:00:34 PM

 

CVE-2016-3810

Summary: The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28175522 and MediaTek internal bug ALPS02694389.

Published: 7/10/2016 10:00:34 PM

 

CVE-2016-3809

Summary: The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 27532522.

Published: 7/10/2016 10:00:33 PM

 

CVE-2016-3808

Summary: The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009.

Published: 7/10/2016 10:00:32 PM

 

CVE-2016-3807

Summary: The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196.

Published: 7/10/2016 10:00:31 PM

 

CVE-2016-3806

Summary: The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal bug ALPS02715341.

Published: 7/10/2016 10:00:30 PM

 

 

<<< New  Older >>>