2016 VULNERABILITY DATABASE
CVE-2016-0126
Summary: Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Published: 5/10/2016 9:59:02 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
CVE-2016-4561
Summary: Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
Published: 5/10/2016 3:59:04 PM
CVSS Severity: v3 - 6.1 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-4556
Summary: Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
Published: 5/10/2016 3:59:03 PM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-4555
Summary: client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
Published: 5/10/2016 3:59:02 PM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-4554
Summary: mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crated HTTP Host header, aka a "header smuggling" issue.
Published: 5/10/2016 3:59:01 PM
CVSS Severity: v3 - 8.6 HIGH v2 - 5.0 MEDIUM
CVE-2016-4553
Summary: client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
Published: 5/10/2016 3:59:00 PM
CVSS Severity: v3 - 8.6 HIGH v2 - 5.0 MEDIUM
CVE-2016-4350
Summary: Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the BackupExceptionsServlet servlet; the (8) valDB or (9) valFS parameter in the BackupAssociationServlet servlet; the (10) orderBy or (11) orderDir parameter in the HostStorageServlet servlet; the (12) fileName, (13) sortField, or (14) sortDirection parameter in the DuplicateFilesServlet servlet; the (15) orderFld or (16) orderDir parameter in the QuantumMonitorServlet servlet; the (17) exitCode parameter in the NbuErrorMessageServlet servlet; the (18) udfName, (19) displayName, (20) udfDescription, (21) udfDataValue, (22) udfSectionName, or (23) udfId parameter in the UserDefinedFieldConfigServlet servlet; the (24) sortField or (25) sortDirection parameter in the XiotechMonitorServlet servlet; the (26) sortField or (27) sortDirection parameter in the BexDriveUsageSummaryServlet servlet; the (28) state parameter in the ScriptServlet servlet; the (29) assignedNames parameter in the FileActionAssignmentServlet servlet; the (30) winEventSource parameter in the WindowsEventLogsServlet servlet; or the (31) name, (32) ipOne, (33) ipTwo, or (34) ipThree parameter in the XiotechMonitorServlet servlet.
Published: 5/9/2016 4:59:04 PM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 10.0 HIGH
CVE-2016-3105
Summary: The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.
Published: 5/9/2016 4:59:03 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 6.8 MEDIUM
CVE-2015-5208
Summary: Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.
Published: 5/9/2016 4:59:02 PM
CVSS Severity: v3 - 4.4 MEDIUM v2 - 4.3 MEDIUM
CVE-2015-5207
Summary: Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.
Published: 5/9/2016 4:59:00 PM
CVSS Severity: v3 - 5.3 MEDIUM v2 - 7.5 HIGH
CVE-2016-4477
Summary: wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.
Published: 5/9/2016 6:59:42 AM
CVSS Severity: v3 - 7.8 HIGH v2 - 4.4 MEDIUM
CVE-2016-4476
Summary: hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.
Published: 5/9/2016 6:59:41 AM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-2462
Summary: OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173.
Published: 5/9/2016 6:59:40 AM
CVSS Severity: v3 - 7.0 HIGH v2 - 7.6 HIGH
CVE-2016-2461
Summary: OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681.
Published: 5/9/2016 6:59:39 AM
CVSS Severity: v3 - 7.0 HIGH v2 - 7.6 HIGH
CVE-2016-2460
Summary: mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27555981.
Published: 5/9/2016 6:59:38 AM
CVSS Severity: v3 - 5.5 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-2459
Summary: mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27556038.
Published: 5/9/2016 6:59:37 AM
CVSS Severity: v3 - 5.5 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-2458
Summary: The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and ComposeActivityEmail.java, aka internal bug 27335139.
Published: 5/9/2016 6:59:36 AM
CVSS Severity: v3 - 5.5 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-2457
Summary: server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179.
Published: 5/9/2016 6:59:34 AM
CVSS Severity: v3 - 5.5 MEDIUM v2 - 2.1 LOW
CVE-2016-2456
Summary: The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27275187.
Published: 5/9/2016 6:59:33 AM
CVSS Severity: v3 - 7.0 HIGH v2 - 5.1 MEDIUM
CVE-2016-2454
Summary: The Qualcomm hardware video codec in Android before 2016-05-01 on Nexus 5 devices allows remote attackers to cause a denial of service (reboot) via a crafted file, aka internal bug 26221024.
Published: 5/9/2016 6:59:32 AM
CVSS Severity: v3 - 5.5 MEDIUM v2 - 7.1 HIGH
