Feed aggregator

Infocus: Data Recovery on Linux and <i>ext3</i>

Security Focus - Mon, 05/23/2016 - 11:00
Data Recovery on Linux and <i>ext3</i>

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Categories: security

Infocus: WiMax: Just Another Security Challenge?

Security Focus - Mon, 05/23/2016 - 11:00
WiMax: Just Another Security Challenge?
Categories: security

Gunter Ollmann: Time to Squish SQL Injection

Security Focus - Mon, 05/23/2016 - 11:00
Time to Squish SQL Injection
Categories: security

Mark Rasch: Lazy Workers May Be Deemed Hackers

Security Focus - Mon, 05/23/2016 - 11:00
Lazy Workers May Be Deemed Hackers

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Categories: security

Adam O'Donnell: The Scale of Security

Security Focus - Mon, 05/23/2016 - 11:00
The Scale of Security
Categories: security

Mark Rasch: Hacker-Tool Law Still Does Little

Security Focus - Mon, 05/23/2016 - 11:00
Hacker-Tool Law Still Does Little
Categories: security

More rss feeds from SecurityFocus

Security Focus - Mon, 05/23/2016 - 11:00
News, Infocus, Columns, Vulnerabilities, Bugtraq ...
Categories: security

SB16-144: Vulnerability Summary for the Week of May 16, 2016

US-Cert alerts and bulletins - Mon, 05/23/2016 - 10:44
Original release date: May 23, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapache -- xerces_c++Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier does not properly handle exceptions raised in the XMLReader class, which allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.2016-05-1310.0CVE-2016-2099
CONFIRM
MLISTapple -- itunesUntrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory.2016-05-207.2CVE-2016-1742
CONFIRM
APPLEapple -- mac_os_xThe AMD subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2016-05-209.3CVE-2016-1792
CONFIRM
APPLEapple -- mac_os_xAppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app, a different vulnerability than CVE-2016-1794.2016-05-209.3CVE-2016-1793
CONFIRM
APPLEapple -- mac_os_xAppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app, a different vulnerability than CVE-2016-1793.2016-05-209.3CVE-2016-1794
CONFIRM
APPLEapple -- mac_os_xAppleGraphicsPowerManagement in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2016-05-209.3CVE-2016-1795
CONFIRM
APPLEapple -- mac_os_xApple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app.2016-05-209.3CVE-2016-1797
CONFIRM
APPLEapple -- mac_os_xAudio in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2016-05-209.3CVE-2016-1799
CONFIRM
APPLEapple -- mac_os_xCaptive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.2016-05-209.3CVE-2016-1800
CONFIRM
APPLEapple -- apple_tvCoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.2016-05-209.3CVE-2016-1803
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- mac_os_xThe Multi-Touch subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2016-05-209.3CVE-2016-1804
CONFIRM
APPLEapple -- mac_os_xCoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.2016-05-209.3CVE-2016-1805
CONFIRM
APPLEapple -- mac_os_xCrash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.2016-05-209.3CVE-2016-1806
CONFIRM
APPLEapple -- apple_tvThe Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2016-05-209.3CVE-2016-1808
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- mac_os_xDisk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors.2016-05-207.8CVE-2016-1809
CONFIRM
APPLEapple -- mac_os_xThe Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2016-05-209.3CVE-2016-1810
CONFIRM
APPLEapple -- mac_os_xBuffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.2016-05-209.3CVE-2016-1812
CONFIRM
APPLEapple -- apple_tvIOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.2016-05-209.3CVE-2016-1813
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- mac_os_xIOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2016-05-209.3CVE-2016-1815
CONFIRM
APPLEapple -- mac_os_xIOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.2016-05-209.3CVE-2016-1816
CONFIRM
APPLEapple -- apple_tvIOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819.2016-05-209.3CVE-2016-1817
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvIOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1819.2016-05-209.3CVE-2016-1818
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvIOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818.2016-05-209.3CVE-2016-1819
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- mac_os_xBuffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.2016-05-209.3CVE-2016-1820
CONFIRM
APPLEapple -- mac_os_xIOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.2016-05-209.3CVE-2016-1821
CONFIRM
APPLEapple -- mac_os_xIOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2016-05-209.3CVE-2016-1822
CONFIRM
APPLEapple -- apple_tvIOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1824.2016-05-209.3CVE-2016-1823
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvIOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823.2016-05-209.3CVE-2016-1824
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- mac_os_xIOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2016-05-209.3CVE-2016-1825
CONFIRM
APPLEapple -- mac_os_xInteger overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.2016-05-209.3CVE-2016-1826
CONFIRM
APPLEapple -- apple_tvThe kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, and CVE-2016-1830.2016-05-209.3CVE-2016-1827
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvThe kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830.2016-05-209.3CVE-2016-1828
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvThe kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1830.2016-05-208.5CVE-2016-1829
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvThe kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1829.2016-05-208.5CVE-2016-1830
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvThe kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2016-05-209.3CVE-2016-1831
CONFIRM
CONFIRM
APPLE
APPLEapple -- mac_os_xThe NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2016-05-209.3CVE-2016-1846
CONFIRM
APPLEbotan_project -- botanInteger overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.2016-05-1310.0CVE-2016-2195
DEBIAN
MLIST
CONFIRMbotan_project -- botanHeap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrite and crash) or execute arbitrary code via unspecified vectors.2016-05-1310.0CVE-2016-2196
MLIST
CONFIRMcanonical -- ubuntu-core-launcherThe setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core."2016-05-1310.0CVE-2016-1580
CONFIRM
UBUNTUenlightenment -- imlib2Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.2016-05-137.5CVE-2016-4024
MLIST
CONFIRM
DEBIANgoogle -- chromeBlink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.2016-05-148.3CVE-2016-1661
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeextensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.2016-05-1410.0CVE-2016-1662
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeMultiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2016-05-147.5CVE-2016-1666
CONFIRM
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeThe Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.2016-05-149.3CVE-2016-1669
CONFIRM
CONFIRM
CONFIRMlantronix -- xprintserver_firmwareLantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors.2016-05-1410.0CVE-2016-4325
CERT-VNmeteocontrol -- web'log_basic_100Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.2016-05-147.5CVE-2016-2296
MISCmeteocontrol -- web'log_basic_100Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."2016-05-149.7CVE-2016-2297
MISCmeteocontrol -- web'log_basic_100Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.2016-05-1410.0CVE-2016-2298
MISCninjaforms -- ninja_formsThe Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.2016-05-147.5CVE-2016-1209
CONFIRM
CONFIRM
MISC
JVNDB
JVNoxide_project -- oxideUse-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests.2016-05-137.5CVE-2016-1578
UBUNTUphp -- phpUse-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.2016-05-167.5CVE-2015-4116
MISC
CONFIRM
CONFIRM
CONFIRMphp -- phpPHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.2016-05-167.5CVE-2015-4598
CONFIRM
MLIST
CONFIRMphp -- phpThe SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.2016-05-1610.0CVE-2015-4599
CONFIRM
MLIST
CONFIRM
CONFIRMphp -- phpThe SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.2016-05-1610.0CVE-2015-4600
CONFIRM
MLIST
CONFIRM
CONFIRMphp -- phpPHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.2016-05-1610.0CVE-2015-4601
MLIST
CONFIRM
CONFIRMphp -- phpThe __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.2016-05-1610.0CVE-2015-4602
CONFIRM
MLIST
CONFIRM
CONFIRMphp -- phpThe exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.2016-05-1610.0CVE-2015-4603
CONFIRM
MLIST
CONFIRMphp -- phpThe escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function.2016-05-1610.0CVE-2015-4642
CONFIRM
CONFIRM
MLIST
CONFIRMphp -- phpInteger overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.2016-05-167.5CVE-2015-4643
CONFIRM
CONFIRM
MLIST
CONFIRMphp -- phpThe phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.2016-05-1610.0CVE-2015-5589
CONFIRM
CONFIRM
MLIST
CONFIRMphp -- phpMultiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.2016-05-167.5CVE-2015-6834
CONFIRM
CONFIRM
CONFIRM
CONFIRMphp -- phpThe session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.2016-05-167.5CVE-2015-6835
CONFIRM
CONFIRMphp -- phpThe make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.2016-05-167.5CVE-2015-8835
CONFIRM
CONFIRMphp -- phpStack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.2016-05-1610.0CVE-2016-2554
CONFIRM
CONFIRM
CONFIRMphp -- phpFormat string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.2016-05-207.5CVE-2016-4071
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLEphp -- phpThe Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.2016-05-207.5CVE-2016-4072
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLEsap -- netweaverThe Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack.2016-05-1310.0CVE-2010-5326
CERT
MISC
BID
MISC
MISCsymantec -- endpoint_encryptionUnquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.2016-05-137.2CVE-2015-8156
CONFIRM
BIDsymantec -- anti-virus_engineThe kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.2016-05-199.4CVE-2016-2208
CONFIRMvmware -- playerVMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.2016-05-1810.0CVE-2016-2077
CONFIRMxen -- xenThe guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.2016-05-187.2CVE-2016-4480
CONFIRMBack to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapache -- ambariThe File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.2016-05-184.0CVE-2016-0731
CONFIRM
CONFIRM
CONFIRMapple -- iphone_osBuffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.2016-05-204.3CVE-2016-1790
CONFIRM
APPLEapple -- mac_os_xThe AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.2016-05-204.3CVE-2016-1791
CONFIRM
APPLEapple -- mac_os_xApple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app.2016-05-204.3CVE-2016-1796
CONFIRM
APPLEapple -- mac_os_xAudio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.2016-05-204.3CVE-2016-1798
CONFIRM
APPLEapple -- apple_tvThe CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.2016-05-205.0CVE-2016-1801
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLEapple -- apple_tvCCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.2016-05-204.3CVE-2016-1802
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.2016-05-205.0CVE-2016-1811
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvIOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.2016-05-204.3CVE-2016-1814
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLEapple -- apple_tvlibc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.2016-05-204.6CVE-2016-1832
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvlibxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840.2016-05-206.8CVE-2016-1833
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvlibxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840.2016-05-206.8CVE-2016-1834
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- iphone_oslibxml2, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.2016-05-206.8CVE-2016-1835
CONFIRM
CONFIRM
APPLE
APPLEapple -- apple_tvlibxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840.2016-05-206.8CVE-2016-1836
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvlibxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840.2016-05-206.8CVE-2016-1837
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvlibxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1839, and CVE-2016-1840.2016-05-206.8CVE-2016-1838
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvlibxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1840.2016-05-206.8CVE-2016-1839
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvlibxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1839.2016-05-206.8CVE-2016-1840
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- apple_tvlibxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.2016-05-206.8CVE-2016-1841
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- iphone_osMapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.2016-05-205.0CVE-2016-1842
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLEapple -- mac_os_xThe Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.2016-05-205.0CVE-2016-1843
CONFIRM
APPLEapple -- mac_os_xThe Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors.2016-05-205.0CVE-2016-1844
CONFIRM
APPLEapple -- apple_tvOpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.2016-05-206.8CVE-2016-1847
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- mac_os_xQuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.2016-05-206.8CVE-2016-1848
CONFIRM
APPLEapple -- mac_os_xSceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.2016-05-206.8CVE-2016-1850
CONFIRM
APPLEapple -- mac_os_xTcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.2016-05-205.0CVE-2016-1853
CONFIRM
APPLEapple -- safariWebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.2016-05-206.8CVE-2016-1854
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLEapple -- safariWebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857.2016-05-206.8CVE-2016-1855
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLEapple -- safariWebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857.2016-05-206.8CVE-2016-1856
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLEapple -- safariWebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.2016-05-206.8CVE-2016-1857
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLEapple -- safariWebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.2016-05-204.3CVE-2016-1858
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLEapple -- safariThe WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.2016-05-206.8CVE-2016-1859
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLEbotan_project -- botanThe Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group.2016-05-135.0CVE-2014-9742
MLIST
CONFIRMbotan_project -- botanThe BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.2016-05-135.0CVE-2015-5726
DEBIAN
CONFIRMbotan_project -- botanBotan before 1.10.13 and 1.11.x before 1.11.22 makes it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.2016-05-135.0CVE-2015-7827
DEBIAN
MLIST
CONFIRMbotan_project -- botanThe ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.2016-05-135.0CVE-2016-2194
DEBIAN
MLIST
MLIST
CONFIRMbotan_project -- botanBotan before 1.10.13 and 1.11.x before 1.11.29 does not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.2016-05-135.0CVE-2016-2849
DEBIAN
MLIST
CONFIRMbotan_project -- botanBotan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.2016-05-135.0CVE-2016-2850
MLIST
CONFIRMcisco -- iosThe packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP packets, aka Bug ID CSCuy13431.2016-05-135.0CVE-2016-1399
CISCOcloudbees -- jenkinsCloudBees Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.2016-05-174.0CVE-2016-3721
CONFIRM
CONFIRM
CONFIRMcloudbees -- jenkinsCloudBees Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."2016-05-174.0CVE-2016-3722
CONFIRM
CONFIRMcloudbees -- jenkinsCloudBees Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.2016-05-174.0CVE-2016-3723
CONFIRM
CONFIRMcloudbees -- jenkinsCloudBees Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.2016-05-174.0CVE-2016-3724
CONFIRM
CONFIRMcloudbees -- jenkinsCloudBees Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).2016-05-175.0CVE-2016-3725
CONFIRM
CONFIRMcloudbees -- jenkinsMultiple open redirect vulnerabilities in CloudBees Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.2016-05-175.8CVE-2016-3726
CONFIRM
CONFIRMcloudbees -- jenkinsThe API URL computer/(master)/api/xml in CloudBees Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.2016-05-174.0CVE-2016-3727
CONFIRM
CONFIRMenlightenment -- imlib2imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.2016-05-135.0CVE-2011-5326
MLIST
CONFIRM
CONFIRM
DEBIANenlightenment -- imlib2imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap.2016-05-135.0CVE-2014-9762
CONFIRM
CONFIRM
DEBIANenlightenment -- imlib2imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file.2016-05-135.0CVE-2014-9763
CONFIRM
CONFIRM
DEBIANenlightenment -- imlib2imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file.2016-05-135.0CVE-2014-9764
CONFIRM
CONFIRM
DEBIANenlightenment -- imlib2Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation.2016-05-135.0CVE-2014-9771
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIANenlightenment -- imlib2Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.2016-05-135.0CVE-2016-3993
MLIST
CONFIRM
CONFIRM
DEBIANenlightenment -- imlib2The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.2016-05-136.4CVE-2016-3994
MLIST
CONFIRM
CONFIRM
DEBIANf5 -- big-ip_access_policy_managerF5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment.2016-05-134.3CVE-2015-8099
CONFIRM
SECTRACK
SECTRACKfilemaker -- filemakerThe server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors.2016-05-145.0CVE-2016-1208
JVNDB
JVN
CONFIRMgnome -- librsvgThe _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.2016-05-205.0CVE-2015-7557
CONFIRM
CONFIRM
MLISTgnome -- librsvglibrsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.2016-05-205.0CVE-2015-7558
CONFIRM
CONFIRM
MLIST
MLISTgnome -- librsvgThe _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.2016-05-205.0CVE-2016-4348
CONFIRM
MLIST
MLIST
MLIST
MLIST
SUSEgoogle -- chromeBlink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.2016-05-146.8CVE-2016-1660
CONFIRM
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeThe SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.2016-05-146.8CVE-2016-1663
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeThe HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.2016-05-144.3CVE-2016-1664
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeThe JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.2016-05-144.3CVE-2016-1665
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeThe TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.2016-05-146.8CVE-2016-1667
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeThe forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.2016-05-146.8CVE-2016-1668
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeGoogle Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc.2016-05-146.8CVE-2016-1671
MLIST
CONFIRM
CONFIRM
CONFIRMhp -- system_management_homepageHPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.2016-05-146.6CVE-2016-2015
HPibm -- spss_statisticsStack-based buffer overflow in the Initialize function in an ActiveX control in IBM SPSS Statistics 19 and 20 before 20.0.0.2-IF0008, 21 before 21.0.0.2-IF0010, 22 before 22.0.0.2-IF0011, 23 before 23.0.0.3-IF0001, and 24 before 24.0.0.0-IF0003 allows remote authenticated users to execute arbitrary code via a long argument.2016-05-146.0CVE-2015-8530
CONFIRMibm -- websphere_application_serverIBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.2016-05-174.3CVE-2016-0306
CONFIRM
AIXAPARibm -- bluemixThe Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors.2016-05-174.0CVE-2016-0323
CONFIRMibm -- b2b_advanced_communicationsIBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network.2016-05-145.0CVE-2016-0341
CONFIRM
AIXAPARibm -- cognos_tm1IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service (configuration outage) via a non-empty value.2016-05-144.0CVE-2016-0381
CONFIRMjansson_project -- janssonJansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.2016-05-175.0CVE-2016-4425
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
DEBIANmariadb -- mariadbOracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.2016-05-164.3CVE-2015-3152
MISC
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
MISCopenafs -- openafsOff-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.2016-05-134.9CVE-2015-8312
CONFIRM
DEBIAN
CONFIRMopenafs -- openafsThe newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.2016-05-134.0CVE-2016-2860
CONFIRM
MLIST
CONFIRM
DEBIAN
CONFIRMopenafs -- openafsThe client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.2016-05-135.0CVE-2016-4536
CONFIRM
CONFIRM
MLISTphp -- phpfile before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.2016-05-165.0CVE-2014-0236
CONFIRM
CONFIRM
CONFIRMphp -- phpPHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.2016-05-166.4CVE-2015-3411
CONFIRM
CONFIRM
CONFIRMphp -- phpPHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension.2016-05-165.0CVE-2015-3412
CONFIRM
CONFIRM
CONFIRMphp -- phpThe mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.2016-05-165.0CVE-2015-4604
CONFIRM
MLIST
CONFIRM
CONFIRMphp -- phpThe mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.2016-05-165.0CVE-2015-4605
CONFIRM
MLIST
CONFIRM
CONFIRMphp -- phpThe php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.2016-05-165.0CVE-2015-4644
CONFIRM
CONFIRM
MLIST
CONFIRMphp -- phpThe xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838.2016-05-165.0CVE-2015-6837
CONFIRM
CONFIRMphp -- phpThe xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.2016-05-165.0CVE-2015-6838
CONFIRM
CONFIRMphp -- phpext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.2016-05-164.3CVE-2015-8838
CONFIRM
CONFIRM
CONFIRMphp -- phpStack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.2016-05-165.0CVE-2015-8873
CONFIRM
CONFIRM
CONFIRMphp -- phpStack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.2016-05-165.0CVE-2015-8874
CONFIRM
CONFIRMphp -- phpThe make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.2016-05-166.4CVE-2016-3185
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMqemu -- qemuThe esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.2016-05-204.6CVE-2016-4439
MLIST
CONFIRM
MLISTtheforeman -- foremanForeman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.2016-05-206.5CVE-2016-2100
MLIST
CONFIRM
CONFIRMtheforeman -- foremanEval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.2016-05-206.8CVE-2016-3728
CONFIRM
MLIST
CONFIRM
CONFIRMx-stream -- xstreamMultiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.2016-05-175.0CVE-2016-3674
CONFIRM
CONFIRM
MLIST
MLIST
DEBIANxmlsoft -- libxml2The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.2016-05-175.0CVE-2016-3627
MLIST
MLIST
FULLDISC
SUSExmlsoft -- libxml2The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.2016-05-175.0CVE-2016-3705
CONFIRM
FULLDISC
SUSEBack to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapache -- ambariThe agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories.2016-05-182.1CVE-2016-0707
CONFIRMapple -- apple_tvRace condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.2016-05-202.6CVE-2016-1807
CONFIRM
CONFIRM
CONFIRM
CONFIRM
APPLE
APPLE
APPLE
APPLEapple -- safariThe "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.2016-05-202.1CVE-2016-1849
CONFIRM
CONFIRM
APPLE
APPLEapple -- mac_os_xThe Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.2016-05-202.1CVE-2016-1851
CONFIRM
APPLEapple -- iphone_osSiri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.2016-05-202.1CVE-2016-1852
CONFIRM
APPLEgoogle -- chromeRace condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID.2016-05-142.6CVE-2016-1670
CONFIRM
CONFIRM
CONFIRMhaxx -- curlThe (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.2016-05-202.6CVE-2016-3739
CONFIRM
CONFIRM
CONFIRM
SECTRACKhp -- base-vxfs-50Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory.2016-05-142.1CVE-2016-2016
HPibm -- algo_oneCross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2016-05-143.5CVE-2016-0390
CONFIRMiodata -- wn-gdn/r3_firmwareThe WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack.2016-05-143.3CVE-2016-1206
CONFIRM
JVNDB
JVNiodata -- wn-g300r2_firmwareCross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2016-05-143.5CVE-2016-1207
CONFIRM
JVNDB
JVNqemu -- qemuThe get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.2016-05-202.1CVE-2016-4441
MLIST
CONFIRM
MLISTBack to top

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocisco -- iseThe Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815.2016-05-20not yet calculatedCVE-2016-1402
CISCOcisco -- unified_computing_system_central_softwareCross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250.2016-05-20not yet calculatedCVE-2016-1401
CISCOphp -- fileinfoThe file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.2016-05-20not yet calculatedCVE-2015-8865
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLE
CONFIRM
CONFIRMphp -- gd_graphics_libraryThe gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.2016-05-21not yet calculatedCVE-2015-8877
CONFIRM
CONFIRM
CONFIRM
CONFIRMphp -- phpDirectory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.2016-05-21not yet calculatedCVE-2014-9767
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRMphp -- phpDouble free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error.2016-05-21not yet calculatedCVE-2015-8880
CONFIRMphp -- phpext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.2016-05-21not yet calculatedCVE-2015-8866
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRMphp -- phpext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.2016-05-21not yet calculatedCVE-2016-4342
CONFIRM
MLIST
CONFIRM
CONFIRMphp -- phpInteger overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.2016-05-21not yet calculatedCVE-2016-4345
CONFIRM
MLIST
CONFIRMphp -- phpInteger overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.2016-05-21not yet calculatedCVE-2016-4346
CONFIRM
MLIST
CONFIRMphp -- phpmain/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.2016-05-21not yet calculatedCVE-2015-8878
CONFIRM
CONFIRMphp -- phpMultiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.2016-05-20not yet calculatedCVE-2016-4073
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
APPLEphp -- phpThe bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.2016-05-21not yet calculatedCVE-2016-4537
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRMphp -- phpThe bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.2016-05-21not yet calculatedCVE-2016-4538
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRMphp -- phpThe exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.2016-05-21not yet calculatedCVE-2016-4543
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRMphp -- phpThe exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.2016-05-21not yet calculatedCVE-2016-4542
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRMphp -- phpThe exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.2016-05-21not yet calculatedCVE-2016-4544
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRMphp -- phpThe grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.2016-05-21not yet calculatedCVE-2016-4540
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRMphp -- phpThe grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.2016-05-21not yet calculatedCVE-2016-4541
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRMphp -- phpThe odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.2016-05-21not yet calculatedCVE-2015-8879
CONFIRM
CONFIRMphp -- phpThe openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.2016-05-21not yet calculatedCVE-2015-8867
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRMphp -- phpThe phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.2016-05-21not yet calculatedCVE-2016-4343
CONFIRM
MLIST
MISC
MISCphp -- phpThe xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.2016-05-21not yet calculatedCVE-2016-4539
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRMphp -- phpZend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.2016-05-21not yet calculatedCVE-2015-8876
CONFIRM
CONFIRMphp --  phpInteger overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow.2016-05-21not yet calculatedCVE-2016-4344
CONFIRM
MLIST
CONFIRMruby -- safemode_gemThe Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.2016-05-20not yet calculatedCVE-2016-3693
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRMwordpress -- media_elementCross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via the query string.2016-05-21not yet calculatedCVE-2016-4567
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLISTwordpress -- puploadCross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.2016-05-21not yet calculatedCVE-2016-4566
CONFIRM
MISC
CONFIRM
CONFIRM
CONFIRM
MLISTwordpress -- wordpressCross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.2016-05-21not yet calculatedCVE-2015-7989
CONFIRM
CONFIRM
CONFIRM
CONFIRMwordpress -- wordpressCross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.2016-05-21not yet calculatedCVE-2015-5714
CONFIRM
CONFIRM
CONFIRM
CONFIRMwordpress -- wordpressCross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3440.2016-05-21not yet calculatedCVE-2015-8834
CONFIRM
CONFIRMwordpress -- wordpressMultiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.2016-05-21not yet calculatedCVE-2016-1564
CONFIRM
CONFIRM
CONFIRM
MLIST
MISCwordpress -- wordpressOpen redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL.2016-05-21not yet calculatedCVE-2016-2221
CONFIRM
CONFIRM
CONFIRMwordpress -- wordpressThe wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address.2016-05-21not yet calculatedCVE-2016-2222
CONFIRM
CONFIRM
CONFIRMwordpress -- xmlrpcThe mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.2016-05-21not yet calculatedCVE-2015-5715
CONFIRM
CONFIRM
CONFIRM
CONFIRMBack to top

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: security

Top Asian News 8:58 a.m. GMT (Yahoo Security)

SANS diary - Sun, 05/22/2016 - 10:00
Categories: security
Syndicate content