2016 VULNERABILITY DATABASE

 

 

CVE-2016-1999

Summary: The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Published: 5/29/2016 9:59:01 PM

 

CVE-2016-0907

Summary: EMC Isilon OneFS 7.1.x anxd 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115.

Published: 5/29/2016 9:59:00 PM

 

CVE-2016-1409

Summary: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.

Published: 5/29/2016 6:59:01 PM

 

CVE-2016-1404

Summary: Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504.

Published: 5/29/2016 6:59:00 PM

 

CVE-2016-1413

Summary: The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.

Published: 5/27/2016 9:59:02 PM

 

CVE-2016-1410

Summary: Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.

Published: 5/27/2016 9:59:01 PM

 

CVE-2016-1379

Summary: Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID CSCuv70576.

Published: 5/27/2016 9:59:00 PM

 

CVE-2016-3681

Summary: Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03021.

Published: 5/26/2016 12:59:02 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-3680

Summary: Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03020.

Published: 5/26/2016 12:59:01 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-0718

Summary: Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Published: 5/26/2016 12:59:00 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

 

CVE-2016-1385

Summary: The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209.

Published: 5/26/2016 11:59:01 AM

 

CVSS Severity: v3 - 6.5 MEDIUM      v2 - 6.8 MEDIUM

 

CVE-2015-7360

Summary: Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) "Fortiview threats by users search filtered by vdom" or (5) "PCAP file download generated by the VM scan feature."

Published: 5/26/2016 11:59:00 AM

 

CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-4792

Summary: Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors.

Published: 5/26/2016 10:59:08 AM

 

CVSS Severity: v3 - 5.3 MEDIUM      v2 - 5.0 MEDIUM

 

CVE-2016-4791

Summary: The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.

Published: 5/26/2016 10:59:07 AM

 

CVSS Severity: v3 - 8.6 HIGH      v2 - 6.4 MEDIUM

 

CVE-2016-4790

Summary: Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: 5/26/2016 10:59:06 AM

 

CVSS Severity: v3 - 5.5 MEDIUM      v2 - 3.5 LOW

 

CVE-2016-4789

Summary: Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: 5/26/2016 10:59:05 AM

 

CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-4788

Summary: Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.

Published: 5/26/2016 10:59:04 AM

 

CVSS Severity: v3 - 5.8 MEDIUM      v2 - 5.0 MEDIUM

 

CVE-2016-4787

Summary: Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.

Published: 5/26/2016 10:59:03 AM

 

CVSS Severity: v3 - 10.0 CRITICAL      v2 - 6.4 MEDIUM

 

CVE-2016-4786

Summary: Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

Published: 5/26/2016 10:59:02 AM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 7.8 HIGH

 

CVE-2016-4021

Summary: The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.

Published: 5/26/2016 10:59:01 AM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 7.8 HIGH

 

 

<<< New  Older >>>