Weekly Vulnerabilities Reports > February 8 to 14, 2016

Overview

137 new vulnerabilities reported during this period, including 50 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary report vulnerabilities in 115 products from 33 vendors including Microsoft, Linux, Adobe, Apple, and Google. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Permissions, Privileges, and Access Controls", "Improper Input Validation", and "Cross-site Scripting".

  • 117 reported vulnerabilities are remotely exploitables.
  • 23 reported vulnerabilities have public exploit available.
  • 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 124 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 64 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 44 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

50 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-11 CVE-2016-1287 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Adaptive Security Appliance Software

Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7), 9.4 before 9.4(2.4), and 9.5 before 9.5(2.2) on ASA 5500 devices, ASA 5500-X devices, ASA Services Module for Cisco Catalyst 6500 and Cisco 7600 devices, ASA 1000V devices, Adaptive Security Virtual Appliance (aka ASAv), Firepower 9300 ASA Security Module, and ISA 3000 devices allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via crafted UDP packets, aka Bug IDs CSCux29978 and CSCux42019.

10.0
2016-02-10 CVE-2016-0984 Adobe
Linux
Apple
Microsoft
Google
Unspecified vulnerability in Adobe products

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983.

10.0
2016-02-10 CVE-2016-0983 Adobe
Apple
Microsoft
Linux
Google
Unspecified vulnerability in Adobe products

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0984.

10.0
2016-02-10 CVE-2016-0982 Adobe
Apple
Microsoft
Linux
Google
Unspecified vulnerability in Adobe products

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0983, and CVE-2016-0984.

10.0
2016-02-10 CVE-2016-0981 Adobe
Apple
Google
Microsoft
Linux
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, and CVE-2016-0980.

10.0
2016-02-10 CVE-2016-0980 Adobe
Apple
Google
Microsoft
Linux
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, and CVE-2016-0981.

10.0
2016-02-10 CVE-2016-0979 Adobe
Apple
Google
Microsoft
Linux
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0980, and CVE-2016-0981.

10.0
2016-02-10 CVE-2016-0978 Adobe
Linux
Apple
Microsoft
Google
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

10.0
2016-02-10 CVE-2016-0977 Adobe
Apple
Google
Microsoft
Linux
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

10.0
2016-02-10 CVE-2016-0976 Adobe
Apple
Linux
Microsoft
Google
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

10.0
2016-02-10 CVE-2016-0974 Adobe
Linux
Apple
Google
Microsoft
Unspecified vulnerability in Adobe products

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984.

10.0
2016-02-10 CVE-2016-0972 Adobe
Apple
Linux
Microsoft
Google
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

10.0
2016-02-10 CVE-2016-0971 Adobe
Apple
Google
Microsoft
Linux
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors.

10.0
2016-02-10 CVE-2016-0970 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

10.0
2016-02-10 CVE-2016-0969 Adobe
Apple
Linux
Microsoft
Google
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

10.0
2016-02-10 CVE-2016-0968 Adobe
Apple
Microsoft
Linux
Google
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

10.0
2016-02-10 CVE-2016-0967 Adobe
Apple
Google
Microsoft
Linux
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

10.0
2016-02-10 CVE-2016-0966 Adobe
Apple
Linux
Microsoft
Google
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

10.0
2016-02-10 CVE-2016-0965 Adobe
Linux
Apple
Google
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

10.0
2016-02-10 CVE-2016-0964 Adobe
Linux
Apple
Google
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

10.0
2016-02-10 CVE-2016-0953 Adobe
Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Bridge CC and Photoshop CC

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0952.

10.0
2016-02-10 CVE-2016-0952 Adobe
Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Bridge CC and Photoshop CC

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0953.

10.0
2016-02-10 CVE-2016-0951 Adobe
Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Bridge CC and Photoshop CC

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0952 and CVE-2016-0953.

10.0
2016-02-10 CVE-2016-0949 Adobe Security vulnerability in Adobe Connect

Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL.

10.0
2016-02-08 CVE-2016-2230 Openelec Credentials Management vulnerability in Openelec

OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session.

10.0
2016-02-08 CVE-2015-8787 Linux Incomplete Fix Null Pointer Deference Denial of Service vulnerability in Linux Kernel

The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604.

10.0
2016-02-13 CVE-2016-1522 Fedoraproject
Mozilla
Debian
SIL
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.

9.3
2016-02-10 CVE-2016-0985 Adobe
Apple
Google
Microsoft
Linux
Redhat
Opensuse
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion." <a href="http://cwe.mitre.org/data/definitions/843.html">CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')</a>
9.3
2016-02-10 CVE-2016-0975 Adobe
Apple
Linux
Microsoft
Google
Unspecified vulnerability in Adobe products

Use-after-free vulnerability in the instanceof function in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code by leveraging improper reference handling, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984.

9.3
2016-02-10 CVE-2016-0973 Adobe
Apple
Microsoft
Linux
Google
Unspecified vulnerability in Adobe products

Use-after-free vulnerability in the URLRequest object implementation in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via a URLLoader.load call, a different vulnerability than CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984.

9.3
2016-02-10 CVE-2016-0084 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."

9.3
2016-02-10 CVE-2016-0072 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0063, and CVE-2016-0067.

9.3
2016-02-10 CVE-2016-0071 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 9

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2016-02-10 CVE-2016-0067 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0063, and CVE-2016-0072.

9.3
2016-02-10 CVE-2016-0064 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2016-02-10 CVE-2016-0063 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0067, and CVE-2016-0072.

9.3
2016-02-10 CVE-2016-0062 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

9.3
2016-02-10 CVE-2016-0061 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0063, CVE-2016-0067, and CVE-2016-0072.

9.3
2016-02-10 CVE-2016-0060 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0061, CVE-2016-0063, CVE-2016-0067, and CVE-2016-0072.

9.3
2016-02-10 CVE-2016-0058 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 10, Windows 8.1 and Windows Server 2012

Buffer overflow in the PDF Library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted PDF document that triggers API calls, aka "Microsoft PDF Library Buffer Overflow Vulnerability."

9.3
2016-02-10 CVE-2016-0056 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office, Office Compatibility Pack and Word

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-02-10 CVE-2016-0055 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office 2007

Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-02-10 CVE-2016-0054 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-02-10 CVE-2016-0053 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-02-10 CVE-2016-0052 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0022.

9.3
2016-02-10 CVE-2016-0046 Microsoft Improper Input Validation vulnerability in Microsoft Windows 10, Windows 8.1 and Windows Server 2012

Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted Reader file, aka "Microsoft Windows Reader Vulnerability."

9.3
2016-02-10 CVE-2016-0038 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Memory Corruption Vulnerability."

9.3
2016-02-10 CVE-2016-0036 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote authenticated users to execute arbitrary code via crafted data, aka "Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability."

9.3
2016-02-10 CVE-2016-0022 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0052.

9.3
2016-02-13 CVE-2016-0865 Tollgrade Credentials Management vulnerability in Tollgrade Smartgrid Lighthouse Sensor Management System 4.1.0/5.0

Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors.

9.0

17 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-13 CVE-2016-1524 Netgear Unspecified vulnerability in Netgear Prosafe Network Management Software 300 1.5.0.11

Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.

8.3
2016-02-13 CVE-2016-1525 Netgear Path Traversal vulnerability in Netgear Prosafe Network Management Software 300 1.5.0.11

Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a ..

7.8
2016-02-10 CVE-2016-0958 Adobe
Apple
Linux
Microsoft
Information Exposure vulnerability in Adobe Experience Manager 5.6.1/6.0.0/6.1.0

Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.

7.8
2016-02-10 CVE-2016-0957 Adobe
Apple
Linux
Microsoft
Security Bypass vulnerability in Adobe Dispatcher and Experience Manager

Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.

7.8
2016-02-10 CVE-2016-0956 Apache
Adobe
Apple
Linux
Microsoft
Information Exposure vulnerability in multiple products

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

7.8
2016-02-08 CVE-2016-2200 Siemens Improper Input Validation vulnerability in Siemens Simatic S7-1500 CPU Firmware 1.5.1/1.6/1.8.2

Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.

7.8
2016-02-08 CVE-2016-0603 Microsoft
Oracle
Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.

7.6
2016-02-12 CVE-2016-1986 HP Code Injection vulnerability in HP Continuous Delivery Automation 1.3.0

HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

7.5
2016-02-08 CVE-2015-8360 Atlassian Improper Input Validation vulnerability in Atlassian Bamboo

An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port.

7.5
2016-02-08 CVE-2014-9757 Atlassian Improper Input Validation vulnerability in Atlassian Bamboo

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.

7.5
2016-02-10 CVE-2016-0051 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."

7.2
2016-02-10 CVE-2016-0048 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

7.2
2016-02-10 CVE-2016-0042 Microsoft DLL Loading Local Privilege Escalation vulnerability in Microsoft Windows

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability." <a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>

7.2
2016-02-10 CVE-2016-0041 Microsoft DLL Loading Multiple Local Privilege Escalation vulnerability in Microsoft Windows

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." <a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>

7.2
2016-02-10 CVE-2016-0040 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."

7.2
2016-02-08 CVE-2016-0728 Google
HP
Linux
Local Privilege Escalation vulnerability in Linux Kernel

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

7.2
2016-02-08 CVE-2015-8539 Novell
Linux
Permissions, Privileges, and Access Controls vulnerability in multiple products

The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.

7.2

66 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-08 CVE-2015-8709 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call.

6.9
2016-02-14 CVE-2016-1627 Opensuse
Debian
Google
Permissions, Privileges, and Access Controls vulnerability in multiple products

The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js.

6.8
2016-02-14 CVE-2016-1624 Opensuse
Google
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression.

6.8
2016-02-14 CVE-2016-1623 Debian
Google
Opensuse
Permissions, Privileges, and Access Controls vulnerability in multiple products

The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.

6.8
2016-02-14 CVE-2016-1622 Google
Debian
Opensuse
Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

6.8
2016-02-13 CVE-2016-1949 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.

6.8
2016-02-13 CVE-2016-1521 Debian
SIL
Mozilla
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

6.8
2016-02-13 CVE-2016-0863 Tollgrade Cross-Site Request Forgery (CSRF) vulnerability in Tollgrade Smartgrid Lighthouse Sensor Management System 4.1.0/5.0

Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the authentication of arbitrary users.

6.8
2016-02-12 CVE-2016-2330 Ffmpeg
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.

6.8
2016-02-12 CVE-2016-2329 Opensuse
Ffmpeg
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions.

6.8
2016-02-12 CVE-2016-2328 Ffmpeg Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg

libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions.

6.8
2016-02-12 CVE-2016-2327 Ffmpeg Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg

libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions.

6.8
2016-02-12 CVE-2016-2326 Debian
Canonical
Ffmpeg
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.

6.8
2016-02-12 CVE-2016-1320 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration 11.0.0/9.0.0/9.0.5

The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.

6.8
2016-02-10 CVE-2016-0948 Adobe Cross-Site Request Forgery (CSRF) vulnerability in Adobe Connect

Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2016-02-10 CVE-2015-7678 Ipswitch Cross-Site Request Forgery (CSRF) vulnerability in Ipswitch Moveit Mobile 1.2.0.962

Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2016-02-08 CVE-2015-8361 Atlassian Improper Access Control vulnerability in Atlassian Bamboo

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.

6.4
2016-02-08 CVE-2016-2048 Djangoproject Improper Access Control vulnerability in Djangoproject Django 1.9/1.9.1

Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission.

6.0
2016-02-08 CVE-2015-3252 Apache Credentials Management vulnerability in Apache Cloudstack

Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.

6.0
2016-02-13 CVE-2016-1526 Debian
Mozilla
SIL
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

5.8
2016-02-08 CVE-2016-2268 Dell Cryptographic Issues vulnerability in Dell Secureworks 2.0.6

Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.8
2016-02-08 CVE-2016-0723 Linux Local Race Condition vulnerability in Linux Kernel

Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.

5.6
2016-02-12 CVE-2016-0882 EMC Unspecified vulnerability in EMC Documentum XCP 2.1/2.2

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5.5
2016-02-13 CVE-2016-0864 Tollgrade Information Exposure vulnerability in Tollgrade Smartgrid Lighthouse Sensor Management System 4.1.0/5.0

Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified vectors.

5.0
2016-02-13 CVE-2015-8630 MIT Denial of Service vulnerability in MIT Kerberos 5

The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.

5.0
2016-02-12 CVE-2016-1324 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Spark 201506Base

The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125.

5.0
2016-02-12 CVE-2016-1322 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Spark 20150704Base

The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584.

5.0
2016-02-12 CVE-2016-1315 Cisco Improper Access Control vulnerability in Cisco Email Security Appliance Firmeware

The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338.

5.0
2016-02-10 CVE-2016-0950 Adobe Improper Input Validation vulnerability in Adobe Connect

Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors.

5.0
2016-02-10 CVE-2015-7680 Ipswitch Information Exposure vulnerability in Ipswitch Moveit DMZ 8.1

Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx.

5.0
2016-02-10 CVE-2016-0050 Microsoft Improper Input Validation vulnerability in Microsoft Windows Server 2008 and Windows Server 2012

Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 misparses username queries, which allows remote attackers to cause a denial of service (RADIUS authentication outage) via crafted requests, aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability."

5.0
2016-02-10 CVE-2016-0047 Microsoft Information Exposure vulnerability in Microsoft .Net Framework

WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."

5.0
2016-02-10 CVE-2016-0044 Microsoft Improper Input Validation vulnerability in Microsoft Windows 8.1, Windows RT 8.1 and Windows Server 2012

Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability."

5.0
2016-02-10 CVE-2016-0037 Microsoft Improper Input Validation vulnerability in Microsoft Windows Server 2012 R2

The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon outage) via crafted data, aka "Microsoft Active Directory Federation Services Denial of Service Vulnerability."

5.0
2016-02-10 CVE-2016-0033 Microsoft Code Injection vulnerability in Microsoft .Net Framework

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability."

5.0
2016-02-09 CVE-2016-1319 Cisco Information Exposure vulnerability in Cisco products

Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.

5.0
2016-02-09 CVE-2016-1316 Cisco Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software

Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.

5.0
2016-02-08 CVE-2016-2201 Siemens Improper Input Validation vulnerability in Siemens Simatic S7-1500 CPU Firmware 1.8.2

Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102.

5.0
2016-02-08 CVE-2015-8785 Linux
Novell
Resource Management Errors vulnerability in multiple products

The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.

4.9
2016-02-08 CVE-2015-8767 Linux
Debian
Canonical
Race Condition vulnerability in Linux Kernel

net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.

4.9
2016-02-08 CVE-2015-7566 Novell
Linux
Local Denial of Service vulnerability in RETIRED: Linux Kernel

The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.

4.9
2016-02-08 CVE-2015-7550 Linux Null Pointer Deference Local Denial of Service vulnerability in Linux Kernel

The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls.

4.9
2016-02-08 CVE-2015-7513 Linux Denial of Service vulnerability in Linux Kernel KVM 'kvm_pit_load_count()' Function Divide By Zero

arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions.

4.9
2016-02-08 CVE-2013-4312 Oracle
Linux
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.

4.9
2016-02-14 CVE-2016-1626 Google
Opensuse
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

4.3
2016-02-14 CVE-2016-1625 Opensuse
Google
Debian
Permissions, Privileges, and Access Controls vulnerability in multiple products

The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc.

4.3
2016-02-13 CVE-2016-1523 Fedoraproject
Mozilla
SIL
Debian
Multiple Security vulnerability in Libgraphite

The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.

4.3
2016-02-13 CVE-2016-0866 Tollgrade Cross-site Scripting vulnerability in Tollgrade Smartgrid Lighthouse Sensor Management System 4.1.0/5.0

Cross-site scripting (XSS) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2016-02-12 CVE-2016-2073 Xmlsoft
Debian
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.

4.3
2016-02-10 CVE-2016-0955 Adobe
Apple
Linux
Microsoft
Cross-site Scripting vulnerability in Adobe Experience Manager 6.1.0

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog.

4.3
2016-02-10 CVE-2015-7679 Ipswitch Cross-site Scripting vulnerability in Ipswitch Moveit Mobile 1.2.0.962

Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/.

4.3
2016-02-10 CVE-2016-0080 Microsoft Information Exposure vulnerability in Microsoft Edge

Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR Bypass."

4.3
2016-02-10 CVE-2016-0077 Microsoft Data Processing Errors vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."

4.3
2016-02-10 CVE-2016-0059 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer 10/11/9

The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability."

4.3
2016-02-10 CVE-2016-0039 Microsoft Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation 2013

Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."

4.3
2016-02-09 CVE-2016-1318 Cisco Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.1Base

Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489.

4.3
2016-02-08 CVE-2016-2214 Huawei Cross-site Scripting vulnerability in Huawei Agile Controller-Campus V100R001C00Spc315

Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2016-02-08 CVE-2016-2091 Libdwarf Project Out-of-bounds Read vulnerability in Libdwarf Project Libdwarf 20151114

The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file.

4.3
2016-02-08 CVE-2016-2089 Jasper Project Improper Input Validation vulnerability in Jasper Project Jasper 1.900.1

The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.

4.3
2016-02-13 CVE-2015-8631 MIT
Opensuse
Debian
Redhat
Oracle
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

4.0
2016-02-12 CVE-2016-1323 Cisco Information Exposure vulnerability in Cisco Spark 201506Base

The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048.

4.0
2016-02-12 CVE-2016-0881 EMC Injection vulnerability in EMC Documentum XCP 2.1/2.2

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request.

4.0
2016-02-10 CVE-2015-7677 Ipswitch Information Exposure vulnerability in Ipswitch Moveit DMZ 8.1

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll.

4.0
2016-02-10 CVE-2015-7675 Ipswitch Information Exposure vulnerability in Ipswitch Moveit DMZ and Moveit Mobile

The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx.

4.0
2016-02-09 CVE-2016-1317 Cisco Information Exposure vulnerability in Cisco Unified Communications Manager 11.5(0.98000.480)

Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098.

4.0
2016-02-08 CVE-2015-3251 Apache Information Exposure vulnerability in Apache Cloudstack 4.4.4/4.5.1

Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-13 CVE-2015-8629 MIT
Oracle
Debian
Opensuse
Redhat
Out-of-bounds Read vulnerability in multiple products

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.

2.1
2016-02-10 CVE-2016-0049 Microsoft Credentials Management vulnerability in Microsoft products

Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass."

2.1
2016-02-08 CVE-2015-2012 IBM Information Exposure vulnerability in IBM Websphere MQ

The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.

2.1
2016-02-08 CVE-2015-8575 Linux Information Exposure vulnerability in Linux Kernel

The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.

2.1