Weekly Vulnerabilities Reports > April 11 to 17, 2016

Overview

221 new vulnerabilities reported during this period, including 29 critical vulnerabilities and 60 high severity vulnerabilities. This weekly summary report vulnerabilities in 246 products from 78 vendors including Debian, Microsoft, Apache, Redhat, and Canonical. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", and "Improper Input Validation".

  • 182 reported vulnerabilities are remotely exploitables.
  • 15 reported vulnerabilities have public exploit available.
  • 52 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 174 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 56 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

29 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-04-15 CVE-2016-0889 Dell Improper Input Validation vulnerability in Dell EMC Unisphere

An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname.

10.0
2016-04-13 CVE-2016-4009 Python Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Python Pillow

Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.

10.0
2016-04-13 CVE-2016-4007 Opensuse Arbitrary Command Execution vulnerability in openSUSE

Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."

10.0
2016-04-12 CVE-2016-3657 Paloaltonetworks Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Paloaltonetworks Pan-Os

Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request.

10.0
2016-04-12 CVE-2016-3655 Paloaltonetworks Improper Input Validation vulnerability in Paloaltonetworks Pan-Os

The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.

10.0
2016-04-12 CVE-2016-3987 Trendmicro Improper Access Control vulnerability in Trendmicro Password Manager

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.

10.0
2016-04-12 CVE-2015-8833 Cypherpunks Unspecified vulnerability in Cypherpunks Pidgin-Otr

Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item.

10.0
2016-04-11 CVE-2016-2385 Debian
Kamailio
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.

10.0
2016-04-12 CVE-2016-2170 Apache Improper Input Validation vulnerability in Apache Ofbiz

Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

9.8
2016-04-12 CVE-2016-0733 Apache Improper Authentication vulnerability in Apache Ranger 0.4.0/0.4.1/0.5.0

The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username.

9.8
2016-04-12 CVE-2015-8841 Eset Out-of-bounds Write vulnerability in Eset Nod32

Heap-based buffer overflow in the Archive support module in ESET NOD32 before update 11861 allows remote attackers to execute arbitrary code via a large number of languages in an EPOC installation file of type SIS_FILE_MULTILANG.

9.8
2016-04-12 CVE-2016-1034 Adobe Arbitrary File Read and Write vulnerability in Adobe Creative Cloud

The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspecified vectors.

9.4
2016-04-13 CVE-2016-3981 Optipng Project
Canonical
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.

9.3
2016-04-13 CVE-2016-1495 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Mate S Firmware

Integer overflow in the graphics drivers in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, which triggers a heap-based buffer overflow.

9.3
2016-04-13 CVE-2015-8304 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei P7 Firmware

Integer overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission.

9.3
2016-04-12 CVE-2016-0153 Microsoft Improper Access Control vulnerability in Microsoft products

OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Remote Code Execution Vulnerability."

9.3
2016-04-12 CVE-2016-0147 Microsoft Improper Input Validation vulnerability in Microsoft XML Core Services 3.0

Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."

9.3
2016-04-12 CVE-2016-0145 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype for Business 2016; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."

9.3
2016-04-12 CVE-2016-0139 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel, Excel Viewer and Word for mac

Microsoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-04-12 CVE-2016-0136 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-04-12 CVE-2016-0127 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-04-12 CVE-2016-0122 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-04-12 CVE-2016-3986 Avast Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avast

Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing.

9.3
2016-04-11 CVE-2016-3065 Postgresql Permissions, Privileges, and Access Controls vulnerability in Postgresql 9.5/9.5.1

The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page.

9.1
2016-04-14 CVE-2016-4014 SAP XML External Entity Injection vulnerability in SAP Netweaver 7.4

XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.

9.0
2016-04-12 CVE-2016-3654 Paloaltonetworks Improper Input Validation vulnerability in Paloaltonetworks Pan-Os

The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter.

9.0
2016-04-12 CVE-2016-2405 Huawei Permissions, Privileges, and Access Controls vulnerability in Huawei Policy Center Firmware V100R003C10

Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL.

9.0
2016-04-12 CVE-2016-0785 Apache Improper Input Validation vulnerability in Apache Struts

Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.

9.0
2016-04-11 CVE-2016-1235 OAR Project
Debian
Permissions, Privileges, and Access Controls vulnerability in multiple products

The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.

9.0

60 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-04-14 CVE-2015-8540 Redhat
Libpng
Fedoraproject
Debian
Numeric Errors vulnerability in multiple products

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

8.8
2016-04-13 CVE-2016-2313 Cacti
Opensuse
Permissions, Privileges, and Access Controls vulnerability in multiple products

auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.

8.8
2016-04-13 CVE-2016-3630 Fedoraproject
Opensuse
Mercurial
Debian
Suse
Data Processing Errors vulnerability in multiple products

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

8.8
2016-04-12 CVE-2016-1568 Qemu
Redhat
Debian
Use After Free vulnerability in multiple products

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.

8.8
2016-04-11 CVE-2016-0710 Apache SQL Injection vulnerability in Apache Jetspeed

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.

8.8
2016-04-12 CVE-2016-3168 Drupal
Debian
7PK - Security Features vulnerability in multiple products

The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."

8.5
2016-04-12 CVE-2016-2857 Qemu
Canonical
Debian
Redhat
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

8.4
2016-04-15 CVE-2015-5348 Apache Data Processing Errors vulnerability in Apache Camel

Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

8.1
2016-04-14 CVE-2015-5343 Apache
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.

8.0
2016-04-15 CVE-2016-1274 Juniper Data Processing Errors vulnerability in Juniper Junos 14.1X53

Juniper Junos OS 14.1X53 before 14.1X53-D30 on QFX Series switches allows remote attackers to cause a denial of service (PFE panic) via a high rate of unspecified VXLAN packets.

7.8
2016-04-15 CVE-2016-1269 Juniper Resource Management Errors vulnerability in Juniper Junos

Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R9, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R8, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4-S1, 15.1 before 15.1R2, 15.1X49 before 15.1X49-D30, and 16.1 before 16.1R1 allow remote attackers to cause a denial of service (socket consumption) via crafted TCP timestamps.

7.8
2016-04-15 CVE-2016-1268 Juniper Improper Input Validation vulnerability in Juniper Screenos 6.3.0

The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet.

7.8
2016-04-14 CVE-2015-8676 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with software V200R001C00 before V200R001SPH023, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote attackers to cause a denial of service (memory consumption and reboot) via a large number of ICMPv6 packets.

7.8
2016-04-13 CVE-2016-2515 Hawk Project Resource Management Errors vulnerability in Hawk Project Hawk 3.1.2/4.1.0

Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service (CPU consumption or partial outage) via a long (1) header or (2) URI that is matched against an improper regular expression.

7.8
2016-04-13 CVE-2015-8682 Huawei Improper Input Validation vulnerability in Huawei Mate S Firmware and P8 Firmware

The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access.

7.8
2016-04-12 CVE-2016-0167 Microsoft Unspecified vulnerability in Microsoft products

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165.

7.8
2016-04-12 CVE-2016-0165 Microsoft Unspecified vulnerability in Microsoft products

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0167.

7.8
2016-04-12 CVE-2016-0151 Microsoft Unspecified vulnerability in Microsoft products

The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."

7.8
2016-04-12 CVE-2016-0150 Microsoft Data Processing Errors vulnerability in Microsoft Windows 10 1511

HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability."

7.8
2016-04-12 CVE-2015-8702 Debian
Inspircd
Improper Input Validation vulnerability in multiple products

The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.

7.8
2016-04-11 CVE-2015-5349 Apache Command Injection vulnerability in Apache Directory Studio and Ldap Studio

The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet.

7.8
2016-04-11 CVE-2016-3678 Huawei Improper Input Validation vulnerability in Huawei products

Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic.

7.8
2016-04-12 CVE-2016-0166 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

7.6
2016-04-12 CVE-2016-0164 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

7.6
2016-04-12 CVE-2016-0159 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 9

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

7.6
2016-04-12 CVE-2016-0157 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0156.

7.6
2016-04-12 CVE-2016-0156 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0157.

7.6
2016-04-12 CVE-2016-0155 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0156 and CVE-2016-0157.

7.6
2016-04-12 CVE-2016-0154 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

7.6
2016-04-15 CVE-2015-5271 Redhat
Openstack
Information Exposure vulnerability in multiple products

The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.

7.5
2016-04-15 CVE-2010-5325 Redhat
Linuxfoundation
Oracle
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.

7.5
2016-04-14 CVE-2016-4018 SAP Improper Access Control vulnerability in SAP Hana

The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742.

7.5
2016-04-14 CVE-2015-8560 Canonical
Debian
Linuxfoundation
Arbitrary Command Execution vulnerability in cups-filters

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.

7.5
2016-04-14 CVE-2016-1352 Cisco OS Command Injection vulnerability in Cisco Unified Computing System Central Software 1.3(0.1)

Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.

7.5
2016-04-13 CVE-2016-2054 Debian
Xymon
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" command.

7.5
2016-04-13 CVE-2015-7545 GIT Project
Redhat
Canonical
Opensuse
Improper Input Validation vulnerability in multiple products

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.

7.5
2016-04-13 CVE-2014-9766 Pixman
Canonical
Numeric Errors vulnerability in multiple products

Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values.

7.5
2016-04-11 CVE-2015-8710 Xmlsoft
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.

7.5
2016-04-11 CVE-2015-8708 Claws Mail Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Claws-Mail 3.13.1

Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.

7.5
2016-04-11 CVE-2016-2193 Postgresql 7PK - Security Features vulnerability in Postgresql 9.5/9.5.1

PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.

7.5
2016-04-11 CVE-2015-8614 Claws Mail
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.

7.3
2016-04-11 CVE-2015-5329 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Openstack 7.0

The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials.

7.3
2016-04-16 CVE-2016-1340 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Unified Computing System Platform Emulator 2.5(2)Ts4/3.0(2C)A/3.0(2C)Ts9

Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename arguments, aka Bug ID CSCux68837.

7.2
2016-04-16 CVE-2016-1339 Cisco OS Command Injection vulnerability in Cisco Unified Computing System Platform Emulator 2.5(2)Ts4/3.0(2C)A/3.0(2C)Ts9

Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832.

7.2
2016-04-15 CVE-2016-1271 Juniper Improper Input Validation vulnerability in Juniper Junos

Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D25, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.2 before 14.2R4, 15.1 before 15.1R1 or 15.1F2, and 15.1X49 before 15.1X49-D15 allow local users to gain privileges via crafted combinations of CLI commands and arguments, a different vulnerability than CVE-2015-3003, CVE-2014-3816, and CVE-2014-0615.

7.2
2016-04-13 CVE-2016-2780 Huawei DLL Loading Local Code Execution vulnerability in Huawei Utps Firmware 23.009.09.00.983

Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an unspecified directory.

7.2
2016-04-13 CVE-2015-8620 Avast Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avast products

Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request.

7.2
2016-04-12 CVE-2016-0160 Microsoft Remote Code Execution vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 mishandles DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." <a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>

7.2
2016-04-12 CVE-2016-0148 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft .Net Framework 4.6/4.6.1

Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability."

7.2
2016-04-12 CVE-2016-0143 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0165 and CVE-2016-0167.

7.2
2016-04-12 CVE-2016-0135 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 10 1511

The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."

7.2
2016-04-12 CVE-2016-0088 Microsoft Improper Access Control vulnerability in Microsoft Windows 10, Windows 8.1 and Windows Server 2012

Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability."

7.2
2016-04-12 CVE-2016-3157 XEN
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.

7.2
2016-04-12 CVE-2016-2558 Nvidia Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver R340 and GPU Driver R352

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or gain privileges via unspecified vectors related to an untrusted pointer, which trigger uninitialized or out-of-bounds memory access.

7.2
2016-04-12 CVE-2016-2557 Nvidia Permissions, Privileges, and Access Controls vulnerability in Nvidia GPU Driver R340 and GPU Driver R352

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access.

7.2
2016-04-12 CVE-2016-2556 Nvidia Permissions, Privileges, and Access Controls vulnerability in Nvidia GPU Driver R340 and GPU Driver R352

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors.

7.2
2016-04-11 CVE-2016-2393 Lenovo Permissions, Privileges, and Access Controls vulnerability in Lenovo Fingerprint Manager and Touch Fingerprint

Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks.

7.2
2016-04-11 CVE-2016-0709 Apache Path Traversal vulnerability in Apache Jetspeed

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a ..

7.2
2016-04-13 CVE-2016-1496 Huawei Resource Management Errors vulnerability in Huawei P8 Firmware

The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) via a crafted application, aka a "semaphore deadlock issue."

7.1
2016-04-11 CVE-2015-0266 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Ranger 0.4.0

The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.

7.1

117 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-04-13 CVE-2015-8843 Foxitsoftware Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Foxitsoftware Foxit Reader

The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges by writing crafted data to a shared memory region, which triggers memory corruption.

6.9
2016-04-15 CVE-2016-2076 Vmware Improper Authentication vulnerability in VMWare products

Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.

6.8
2016-04-14 CVE-2015-8677 Huawei Resource Management Errors vulnerability in Huawei products

Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information.

6.8
2016-04-13 CVE-2016-3982 Opensuse
Debian
Optipng Project
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.

6.8
2016-04-13 CVE-2016-3069 Mercurial
Debian
Suse
Opensuse
Fedoraproject
Redhat
Improper Input Validation vulnerability in multiple products

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

6.8
2016-04-13 CVE-2016-3068 Debian
Mercurial
Fedoraproject
Redhat
Suse
Opensuse
Improper Input Validation vulnerability in multiple products

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

6.8
2016-04-13 CVE-2016-1577 Canonical
Jasper Project
Denial of Service vulnerability in JasPer

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.

6.8
2016-04-12 CVE-2016-2118 Samba
Canonical
Debian
7PK - Security Features vulnerability in multiple products

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."

6.8
2016-04-12 CVE-2016-3171 PHP
Drupal
Debian
Data Processing Errors vulnerability in multiple products

Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

6.8
2016-04-12 CVE-2016-3169 Debian
Drupal
Permissions, Privileges, and Access Controls vulnerability in multiple products

The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.

6.8
2016-04-12 CVE-2016-1866 Saltstack
Opensuse
Improper Access Control vulnerability in multiple products

Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.

6.8
2016-04-14 CVE-2015-8554 XEN Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path."

6.6
2016-04-15 CVE-2016-1264 Juniper Permissions, Privileges, and Access Controls vulnerability in Juniper Junos

Race condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 12.3X50 before 12.3X50-D50, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.2X52 before 13.2X52-D30, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4, 15.1 before 15.1F2 or 15.1R2, 15.1X49 before 15.1X49-D10 or 15.1X49-D20, and 16.1 before 16.1R1 allows remote authenticated users to gain privileges via the URL option.

6.5
2016-04-14 CVE-2015-7999 Citrix SQL Injection vulnerability in Citrix Command Center 5.1/5.2

Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2016-04-13 CVE-2016-2056 Xymon
Debian
Command Injection vulnerability in multiple products

xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.

6.5
2016-04-12 CVE-2016-3172 Cacti SQL Injection vulnerability in Cacti

SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.

6.5
2016-04-12 CVE-2016-3162 Drupal
Debian
Improper Access Control vulnerability in multiple products

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.

6.5
2016-04-12 CVE-2016-2166 Apache
Fedoraproject
Information Exposure vulnerability in multiple products

The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.

6.5
2016-04-12 CVE-2015-5167 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Ranger 0.4.0/0.4.1/0.5.0

The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.

6.5
2016-04-11 CVE-2015-8604 Cacti SQL Injection vulnerability in Cacti

SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.

6.5
2016-04-11 CVE-2015-7330 Puppet 7PK - Security Features vulnerability in Puppet Enterprise 2015.3.0

Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol.

6.5
2016-04-11 CVE-2016-0735 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Ranger 0.5.0/0.5.1

Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.

6.5
2016-04-11 CVE-2016-3675 Huawei SQL Injection vulnerability in Huawei Policy Center Firmware V100R003C00/V100R003C10

SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases.

6.5
2016-04-11 CVE-2016-3659 Cacti SQL Injection vulnerability in Cacti

SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.

6.5
2016-04-12 CVE-2016-3167 PHP
Drupal
Debian
Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter.
6.4
2016-04-11 CVE-2016-2171 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Jetspeed 2.3.0

The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.

6.4
2016-04-14 CVE-2016-3079 Redhat Cross-site Scripting vulnerability in Redhat Satellite and Spacewalk-Java

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).

6.1
2016-04-14 CVE-2016-2103 Redhat Cross-site Scripting vulnerability in Redhat Satellite 5.7

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do.

6.1
2016-04-11 CVE-2015-0265 Apache Cross-site Scripting vulnerability in Apache Ranger 0.4.0

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header.

6.1
2016-04-11 CVE-2016-0712 Apache Cross-site Scripting vulnerability in Apache Jetspeed

Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.

6.1
2016-04-11 CVE-2016-0711 Apache Cross-site Scripting vulnerability in Apache Jetspeed

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource.

6.1
2016-04-14 CVE-2011-4600 Canonical
Redhat
Improper Access Control vulnerability in multiple products

The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.

5.9
2016-04-12 CVE-2016-2001 HP Information Disclosure vulnerability in HP UCMDB

HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors.

5.8
2016-04-12 CVE-2016-0128 Microsoft 7PK - Security Features vulnerability in Microsoft products

The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK."

5.8
2016-04-12 CVE-2016-3164 Drupal
Debian
Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.
5.8
2016-04-12 CVE-2015-8474 Debian
Redmine
Open Redirection vulnerability in Redmine

Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by "@attacker.com," a different vulnerability than CVE-2014-1985.

5.8
2016-04-11 CVE-2016-3676 Huawei 7PK - Security Features vulnerability in Huawei E3276S Firmware E3276S150Tcpuv200R002B250D04Sp00C00

Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to a fake network.

5.8
2016-04-14 CVE-2015-8550 XEN
Novell
Improper Access Control vulnerability in multiple products

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.

5.7
2016-04-14 CVE-2015-0284 Redhat Cross-site Scripting vulnerability in Redhat Satellite and Spacewalk-Java

Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details.

5.4
2016-04-12 CVE-2016-2140 Openstack Information Exposure vulnerability in Openstack Nova

The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.

5.3
2016-04-11 CVE-2015-7528 Kubernetes
Redhat
Information Exposure vulnerability in multiple products

Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.

5.3
2016-04-11 CVE-2015-7502 Redhat Information Exposure vulnerability in Redhat Cloudforms and Cloudforms Management Engine

Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.

5.1
2016-04-15 CVE-2016-2212 Magento Information Exposure vulnerability in Magento

The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status.

5.0
2016-04-15 CVE-2016-2146 Fedoraproject
Uninett
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.

5.0
2016-04-15 CVE-2016-2145 Fedoraproject
Uninett
Improper Input Validation vulnerability in multiple products

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data.

5.0
2016-04-15 CVE-2016-1270 Juniper Data Processing Errors vulnerability in Juniper Junos

The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R6, 14.1 before 14.1R4, and 14.2 before 14.2R2, when configured with BGP-based L2VPN or VPLS, allows remote attackers to cause a denial of service (daemon restart) via a crafted L2VPN family BGP update.

5.0
2016-04-14 CVE-2016-4017 SAP Denial of Service vulnerability in SAP HANA

The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.

5.0
2016-04-14 CVE-2016-4015 SAP Denial of Service vulnerability in SAP NetWeaver Enqueue Server

The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.

5.0
2016-04-14 CVE-2016-1378 Cisco Information Exposure vulnerability in Cisco IOS

Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591.

5.0
2016-04-13 CVE-2015-8806 Xmlsoft
Canonical
Debian
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
5.0
2016-04-13 CVE-2015-3146 Libssh
Canonical
Debian
Fedoraproject
Denial of Service vulnerability in libssh

The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.

5.0
2016-04-13 CVE-2016-2055 Xymon
Debian
Information Exposure vulnerability in multiple products

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command.

5.0
2016-04-13 CVE-2015-8555 Citrix
XEN
Information Exposure vulnerability in multiple products

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.

5.0
2016-04-13 CVE-2015-8080 Redislabs
Debian
Opensuse
Redhat
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.

5.0
2016-04-12 CVE-2016-1376 Cisco Improper Input Validation vulnerability in Cisco IOS XR

Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548.

5.0
2016-04-12 CVE-2016-1035 Adobe Information Exposure vulnerability in Adobe Robohelp 9/9.0.0.228/9.0.1

Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors.

5.0
2016-04-12 CVE-2016-3656 Paloaltonetworks Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Paloaltonetworks Pan-Os

The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request.

5.0
2016-04-12 CVE-2016-3170 Debian
Drupal
Information Exposure vulnerability in multiple products

The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.

5.0
2016-04-12 CVE-2016-3165 Drupal Improper Access Control vulnerability in Drupal

The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has "#access" set to FALSE in the server-side form definition.

5.0
2016-04-12 CVE-2016-3163 Debian
Drupal
7PK - Security Features vulnerability in multiple products

The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.

5.0
2016-04-12 CVE-2015-8537 Debian
Redmine
Information Exposure vulnerability in multiple products

app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.

5.0
2016-04-12 CVE-2015-8346 Redmine
Debian
Information Management Errors vulnerability in multiple products

app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.

5.0
2016-04-12 CVE-2015-8108 Lenovo 7PK - Security Features vulnerability in Lenovo EMC Firmware 4.1.204.33661

The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.1.204.33661 allows remote attackers to obtain sensitive device information via unspecified vectors.

5.0
2016-04-11 CVE-2015-5303 Openstack 7PK - Security Features vulnerability in Openstack Tripleo Heat Templates

The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

5.0
2016-04-11 CVE-2014-9759 Mantisbt Information Exposure vulnerability in Mantisbt 1.3.0

Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request.

5.0
2016-04-11 CVE-2012-6700 Debian
Dhcpcd Project
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.

5.0
2016-04-11 CVE-2012-6699 Debian
Dhcpcd Project
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.

5.0
2016-04-11 CVE-2012-6698 Debian
Dhcpcd Project
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.

5.0
2016-04-11 CVE-2016-2164 Apache Information Exposure vulnerability in Apache Openmeetings

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.

5.0
2016-04-11 CVE-2016-0783 Apache Information Exposure vulnerability in Apache Openmeetings

The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.

5.0
2016-04-11 CVE-2015-8240 F5 Data Processing Errors vulnerability in F5 products

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options, which allows remote attackers to cause a denial of service via unspecified vectors, related to the tm.minpathmtu database variable.

5.0
2016-04-12 CVE-2016-1885 Freebsd Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freebsd 10.1/10.2/9.3

Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.

4.9
2016-04-13 CVE-2015-8551 Linux
Debian
Opensuse
Suse
NULL Pointer Dereference vulnerability in multiple products

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."

4.7
2016-04-15 CVE-2016-1267 Juniper Race Condition vulnerability in Juniper Junos

Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R3-S4, 15.1 before 15.1F2, or 15.1R2, 15.1X49 before 15.1X49-D20, and 16.1 before 16.1R1 allows local users to read, delete, or modify arbitrary files via unspecified vectors.

4.4
2016-04-15 CVE-2016-1273 Juniper Cryptographic Issues vulnerability in Juniper Junos

Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x before 15.1X53-D20 on QFX5100 and QFX10002 switches do not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic encryption and authentication protection mechanisms via unspecified vectors.

4.3
2016-04-14 CVE-2016-4016 SAP Cross-site Scripting vulnerability in SAP Java AS 7.4

Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295.

4.3
2016-04-13 CVE-2016-0787 Fedoraproject
Opensuse
Libssh2
Debian
Information Exposure vulnerability in multiple products

The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

4.3
2016-04-13 CVE-2016-0757 Openstack Improper Access Control vulnerability in Openstack Image Registry and Delivery Service (Glance) 11.0.0/11.0.1/2015.1.2

OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.

4.3
2016-04-13 CVE-2016-0739 Redhat
Canonical
Libssh
Fedoraproject
Debian
Information Exposure vulnerability in multiple products

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

4.3
2016-04-13 CVE-2015-8784 Libtiff
Debian
Out-of-bounds Write vulnerability in multiple products

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.

4.3
2016-04-13 CVE-2015-8683 Libtiff
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.

4.3
2016-04-13 CVE-2015-8665 Libtiff Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.6

tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.

4.3
2016-04-13 CVE-2015-1547 Debian
Libtiff
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.

4.3
2016-04-13 CVE-2014-9655 Debian
Remotesensing
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.

4.3
2016-04-13 CVE-2016-3686 F5 Information Exposure vulnerability in F5 Big-Ip Access Policy Manager and Big-Ip Edge Gateway

The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect.

4.3
2016-04-13 CVE-2016-2533 Python
Python Imaging Project
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.

4.3
2016-04-13 CVE-2016-2228 Debian
Horde
Fedoraproject
Cross-site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.

4.3
2016-04-13 CVE-2016-2191 Optipng
Canonical
Debian
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

4.3
2016-04-13 CVE-2016-0775 Python
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.

4.3
2016-04-13 CVE-2016-0740 Python
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

4.3
2016-04-13 CVE-2015-8807 Fedoraproject
Horde
Debian
Cross-site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.

4.3
2016-04-13 CVE-2015-8606 Silverstripe Cross-site Scripting vulnerability in Silverstripe

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.

4.3
2016-04-13 CVE-2015-7555 Giflib Project
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file.

4.3
2016-04-13 CVE-2016-2116 Canonical
Jasper Project
Resource Management Errors vulnerability in multiple products

Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.

4.3
2016-04-12 CVE-2016-1377 Cisco Cross-site Scripting vulnerability in Cisco Unity Connection

Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776.

4.3
2016-04-12 CVE-2016-0162 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability."

4.3
2016-04-12 CVE-2016-0161 Microsoft 7PK - Security Features vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158.

4.3
2016-04-12 CVE-2016-0158 Microsoft 7PK - Security Features vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0161.

4.3
2016-04-12 CVE-2015-7520 Apache Cross-site Scripting vulnerability in Apache Wicket

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element.

4.3
2016-04-12 CVE-2015-5347 Apache Cross-site Scripting vulnerability in Apache Wicket

Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title.

4.3
2016-04-12 CVE-2016-4003 Apache Cross-site Scripting vulnerability in Apache Struts

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.

4.3
2016-04-12 CVE-2016-2162 Apache Cross-site Scripting vulnerability in Apache Struts

Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.

4.3
2016-04-12 CVE-2016-3166 Debian
Drupal
CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.
4.3
2016-04-12 CVE-2015-3268 Apache Cross-site Scripting vulnerability in Apache Ofbiz

Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the description attribute of a display-entity element.

4.3
2016-04-11 CVE-2015-8398 Atlassian Cross-site Scripting vulnerability in Atlassian Confluence

Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check.

4.3
2016-04-11 CVE-2016-2163 Apache Cross-site Scripting vulnerability in Apache Openmeetings

Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.

4.3
2016-04-11 CVE-2015-5233 Theforeman
Redhat
Permissions, Privileges, and Access Controls vulnerability in multiple products

Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs.

4.2
2016-04-14 CVE-2015-8336 Huawei Permissions, Privileges, and Access Controls vulnerability in Huawei Fusioncompute Firmware

Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors.

4.0
2016-04-14 CVE-2015-5247 Redhat
Canonical
Improper Access Control vulnerability in multiple products

The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.

4.0
2016-04-13 CVE-2016-2084 F5 Information Exposure vulnerability in F5 products

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration.

4.0
2016-04-13 CVE-2015-0861 Tryton
Debian
Permissions, Privileges, and Access Controls vulnerability in multiple products

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.

4.0
2016-04-13 CVE-2014-6276 Roundup Tracker
Debian
Permissions, Privileges, and Access Controls vulnerability in multiple products

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.

4.0
2016-04-12 CVE-2016-4004 Dell Path Traversal vulnerability in Dell Openmanage Server Administrator 8.2

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.

4.0
2016-04-12 CVE-2015-8473 Debian
Redmine
Information Exposure vulnerability in multiple products

The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.

4.0
2016-04-12 CVE-2015-8021 F5 Improper Access Control vulnerability in F5 products

Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php.

4.0
2016-04-11 CVE-2015-8399 Atlassian Information Exposure vulnerability in Atlassian Confluence

Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.

4.0
2016-04-11 CVE-2016-0784 Apache Path Traversal vulnerability in Apache Openmeetings

Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a ..

4.0

15 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-04-15 CVE-2016-3144 Fourkitchens
Fedoraproject
Cross-site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name.

3.5
2016-04-15 CVE-2015-7676 Ipswitch Cross-site Scripting vulnerability in Ipswitch Moveit DMZ 8.1

Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files.

3.5
2016-04-13 CVE-2016-2058 Debian
Xymon
Cross-site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the "status" page.

3.5
2016-04-12 CVE-2016-3985 Pulsesecure Improper Access Control vulnerability in Pulsesecure Pulse Connect Secure 8.1R7/8.2R1

The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors.

3.3
2016-04-12 CVE-2016-0887 Dell Information Exposure vulnerability in Dell products

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.

2.6
2016-04-11 CVE-2015-5313 Redhat Path Traversal vulnerability in Redhat Libvirt

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a ..

2.5
2016-04-15 CVE-2016-3961 Canonical
XEN
Improper Input Validation vulnerability in multiple products

Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.

2.1
2016-04-13 CVE-2016-2057 Xymon
Debian
Permissions, Privileges, and Access Controls vulnerability in multiple products

lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.

2.1
2016-04-13 CVE-2015-8553 XEN
Redhat
Information Exposure vulnerability in multiple products

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.

2.1
2016-04-12 CVE-2016-0090 Microsoft Information Exposure vulnerability in Microsoft Windows 10, Windows 8.1 and Windows Server 2012

Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."

2.1
2016-04-12 CVE-2016-0089 Microsoft Information Exposure vulnerability in Microsoft Windows 10, Windows 8.1 and Windows Server 2012

Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."

2.1
2016-04-12 CVE-2015-5158 Qemu Out-of-bounds Write vulnerability in Qemu

Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block.

2.1
2016-04-13 CVE-2016-3159 Oracle
XEN
Fedoraproject
Debian
Improper Access Control vulnerability in multiple products

The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits.

1.7
2016-04-13 CVE-2016-3158 XEN
Fedoraproject
Oracle
Improper Access Control vulnerability in multiple products

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits.

1.7
2016-04-13 CVE-2015-8552 XEN
Canonical
Debian
Novell
Improper Input Validation vulnerability in multiple products

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."

1.7