Weekly Vulnerabilities Reports > March 21 to 27, 2016
Overview
75 new vulnerabilities were reported during this period, including 24 critical vulnerabilities and 10 high severity vulnerabilities. This weekly summary reports vulnerabilities in 42 products from 20 vendors including Apple, Cisco, Redhat, HP, and Oracle. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Improper Input Validation", "Resource Management Errors", and "Permissions, Privileges, and Access Controls".
- 68 reported vulnerabilities are remotely exploitable.
- 11 reported vulnerabilities have a public exploit available.
- 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 68 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 56 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 21 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
24 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-03-24 | CVE-2016-1761 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | 10.0 |
2016-03-24 | CVE-2016-1741 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 10.0 |
2016-03-22 | CVE-2016-1998 | HP | Improper Input Validation vulnerability in HP Service Manager HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 10.0 |
2016-03-22 | CVE-2016-1997 | HP | Improper Input Validation vulnerability in HP products HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 10.0 |
2016-03-24 | CVE-2016-0636 | Redhat Oracle | Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component. | 9.3 |
2016-03-24 | CVE-2016-1783 | Apple Webkitgtk | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 9.3 |
2016-03-24 | CVE-2016-1778 | Apple | Resource Management Errors vulnerability in Apple Iphone OS and Safari WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 9.3 |
2016-03-24 | CVE-2016-1775 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | 9.3 |
2016-03-24 | CVE-2016-1759 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 9.3 |
2016-03-24 | CVE-2016-1757 | Apple | Race Condition vulnerability in Apple Iphone OS and mac OS X Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app. | 9.3 |
2016-03-24 | CVE-2016-1756 | Apple | Unspecified vulnerability in Apple Iphone OS and mac OS X The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | 9.3 |
2016-03-24 | CVE-2016-1755 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754. | 9.3 |
2016-03-24 | CVE-2016-1754 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755. | 9.3 |
2016-03-24 | CVE-2016-1753 | Apple | Integer Overflow or Wraparound vulnerability in Apple products Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. | 9.3 |
2016-03-24 | CVE-2016-1750 | Apple | Use After Free vulnerability in Apple products Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app. | 9.3 |
2016-03-24 | CVE-2016-1749 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 9.3 |
2016-03-24 | CVE-2016-1747 | Apple | Improper Input Validation vulnerability in Apple mac OS X IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746. | 9.3 |
2016-03-24 | CVE-2016-1746 | Apple | Improper Input Validation vulnerability in Apple mac OS X IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747. | 9.3 |
2016-03-24 | CVE-2016-1744 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1743. | 9.3 |
2016-03-24 | CVE-2016-1743 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744. | 9.3 |
2016-03-24 | CVE-2016-1740 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document. | 9.3 |
2016-03-24 | CVE-2016-1736 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735. | 9.3 |
2016-03-24 | CVE-2016-1735 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736. | 9.3 |
2016-03-24 | CVE-2016-1733 | Apple | Improper Input Validation vulnerability in Apple mac OS X AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 9.3 |
10 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-03-26 | CVE-2016-1350 | Cisco | Resource Management Errors vulnerability in Cisco IOS and IOS XE Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293. | 7.8 |
2016-03-26 | CVE-2016-1349 | Cisco | Resource Management Errors vulnerability in Cisco IOS and IOS XE The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410. | 7.8 |
2016-03-26 | CVE-2016-1348 | Cisco | Resource Management Errors vulnerability in Cisco IOS and IOS XE Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821. | 7.8 |
2016-03-24 | CVE-2016-1347 | Cisco | Resource Management Errors vulnerability in Cisco IOS The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708. | 7.8 |
2016-03-26 | CVE-2016-1351 | Cisco | Resource Management Errors vulnerability in Cisco IOS and Nx-Os The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279. | 7.5 |
2016-03-24 | CVE-2016-1738 | Apple | 7PK - Security Features vulnerability in Apple mac OS X dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app. | 7.2 |
2016-03-24 | CVE-2016-1734 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device. | 7.2 |
2016-03-26 | CVE-2016-1344 | Cisco | Resource Management Errors vulnerability in Cisco IOS and IOS XE The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. | 7.1 |
2016-03-24 | CVE-2016-1771 | Apple | Data Processing Errors vulnerability in Apple Safari The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site. | 7.1 |
2016-03-24 | CVE-2016-1752 | Apple | Improper Input Validation vulnerability in Apple products The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app. | 7.1 |
35 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-03-24 | CVE-2016-1366 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848. | 6.8 |
2016-03-24 | CVE-2016-1769 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file. | 6.8 |
2016-03-24 | CVE-2016-1768 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767. | 6.8 |
2016-03-24 | CVE-2016-1767 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768. | 6.8 |
2016-03-24 | CVE-2016-1751 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, Tvos and Watchos The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app. | 6.8 |
2016-03-24 | CVE-2016-1737 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file. | 6.8 |
2016-03-24 | CVE-2015-6854 | Broadcom | Insufficient Verification of Data Authenticity vulnerability in Broadcom Single Sign-On The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. | 6.4 |
2016-03-24 | CVE-2015-6853 | Broadcom | Insufficient Verification of Data Authenticity vulnerability in Broadcom Single Sign-On The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. | 6.4 |
2016-03-24 | CVE-2016-1599 | Microfocus | Cross-site Scripting vulnerability in Microfocus Self Service Password Reset Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
2016-03-24 | CVE-2016-1786 | Apple | Information Exposure vulnerability in Apple Iphone OS and Safari The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site. | 5.8 |
2016-03-24 | CVE-2016-1762 | Apple Debian Canonical Xmlsoft Redhat Mcafee | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | 5.8 |
2016-03-25 | CVE-2016-2340 | Graniteds | XML External Entity Information Disclosure vulnerability in Graniteds Granite Data Services 3.1.1Snapshot The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.5 |
2016-03-22 | CVE-2016-3116 | Dropbear SSH Project | Security Bypass vulnerability in Dropbear SSH CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. | 5.5 |
2016-03-22 | CVE-2016-3115 | Openbsd Oracle | Remote Command Injection vulnerability in OpenSSH Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. | 5.5 |
2016-03-24 | CVE-2016-1787 | Apple | Information Exposure vulnerability in Apple mac OS X Server Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. | 5.0 |
2016-03-24 | CVE-2016-1777 | Apple | Cryptographic Issues vulnerability in Apple mac OS X Server Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | 5.0 |
2016-03-24 | CVE-2016-1776 | Apple | Improper Access Control vulnerability in Apple mac OS X Server Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. | 5.0 |
2016-03-24 | CVE-2016-1774 | Apple | Improper Access Control vulnerability in Apple mac OS X Server The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. | 5.0 |
2016-03-24 | CVE-2016-1766 | Apple | Unspecified vulnerability in Apple Iphone OS The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors. | 5.0 |
2016-03-24 | CVE-2016-1765 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Xcode otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. | 4.6 |
2016-03-24 | CVE-2015-7551 | Apple Ruby Lang | Improper Input Validation vulnerability in multiple products The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. | 4.6 |
2016-03-26 | CVE-2016-1160 | WP Favorite Posts Project | Cross-site Scripting vulnerability in WP Favorite Posts Project WP Favorite Posts Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2016-03-24 | CVE-2016-1785 | Apple | Information Exposure vulnerability in Apple Iphone OS and Safari The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 4.3 |
2016-03-24 | CVE-2016-1784 | Apple | Resource Exhaustion vulnerability in Apple Iphone OS, Safari and Tvos The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site. | 4.3 |
2016-03-24 | CVE-2016-1782 | Apple | Improper Access Control vulnerability in Apple Iphone OS and Safari WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site. | 4.3 |
2016-03-24 | CVE-2016-1781 | Apple | Data Processing Errors vulnerability in Apple Iphone OS and Safari WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors. | 4.3 |
2016-03-24 | CVE-2016-1780 | Apple | Information Exposure vulnerability in Apple Iphone OS WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site. | 4.3 |
2016-03-24 | CVE-2016-1779 | Apple | Information Exposure vulnerability in Apple Iphone OS and Safari WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request. | 4.3 |
2016-03-24 | CVE-2016-1772 | Apple | Information Exposure vulnerability in Apple Safari The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors. | 4.3 |
2016-03-24 | CVE-2016-1770 | Apple | Improper Access Control vulnerability in Apple mac OS X The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL. | 4.3 |
2016-03-24 | CVE-2016-1764 | Apple | Information Exposure vulnerability in Apple mac OS X The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. | 4.3 |
2016-03-24 | CVE-2016-1758 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app. | 4.3 |
2016-03-24 | CVE-2016-1748 | Apple | Information Exposure vulnerability in Apple products IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | 4.3 |
2016-03-24 | CVE-2009-2197 | Apple | Data Processing Errors vulnerability in Apple Safari Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog. | 4.3 |
2016-03-21 | CVE-2015-7454 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager and Websphere Process Server Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. | 4.0 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-03-26 | CVE-2016-3119 | Opensuse MIT | NULL Pointer Dereference Remote Denial of Service vulnerability in MIT Kerberos 5 The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. | 3.5 |
2016-03-24 | CVE-2016-1763 | Apple | Improper Input Validation vulnerability in Apple Iphone OS Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread. | 3.5 |
2016-03-24 | CVE-2016-1788 | Apple | Cryptographic Issues vulnerability in Apple Iphone OS, mac OS X and Watchos Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages. | 2.6 |
2016-03-24 | CVE-2016-1773 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | 2.1 |
2016-03-24 | CVE-2016-1745 | Apple | Unspecified vulnerability in Apple mac OS X IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | 2.1 |
2016-03-24 | CVE-2016-1732 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. | 2.1 |