Weekly Vulnerabilities Reports > May 16 to 22, 2016

Overview

171 new vulnerabilities reported during this period, including 43 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary report vulnerabilities in 58 products from 34 vendors including Apple, PHP, Redhat, Debian, and Opensuse. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Information Exposure", "Improper Access Control", and "Permissions, Privileges, and Access Controls".

  • 161 reported vulnerabilities are remotely exploitables.
  • 12 reported vulnerabilities have public exploit available.
  • 23 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 154 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 74 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 32 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

43 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-05-22 CVE-2015-8880 PHP Double Free Memory Corruption vulnerability in PHP

Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error.

10.0
2016-05-18 CVE-2016-2077 Microsoft
Vmware
Permissions, Privileges, and Access Controls vulnerability in VMWare Player and Workstation

VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.

10.0
2016-05-16 CVE-2016-2554 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.

10.0
2016-05-16 CVE-2015-5589 PHP Improper Input Validation vulnerability in PHP

The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.

10.0
2016-05-16 CVE-2015-4642 Microsoft
PHP
OS Command Injection vulnerability in PHP

The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function.

10.0
2016-05-16 CVE-2015-4603 PHP
Redhat
Remote Security vulnerability in PHP

The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

10.0
2016-05-16 CVE-2015-4602 Redhat
PHP
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
10.0
2016-05-16 CVE-2015-4601 Redhat
PHP
Memory Corruption vulnerability in PHP

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.

10.0
2016-05-16 CVE-2015-4600 Redhat
PHP
Remote Code Execution and Denial of service vulnerability in Redhat and PHP

The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.

10.0
2016-05-16 CVE-2015-4599 PHP
Redhat
Remote Memory Corruption vulnerability in PHP

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

10.0
2016-05-19 CVE-2016-2208 Symantec Resource Management Errors vulnerability in Symantec Anti-Virus Engine 20151.1.0.32

The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.

9.4
2016-05-20 CVE-2016-1846 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.

9.3
2016-05-20 CVE-2016-1834 Canonical
Apple
Debian
Redhat
Xmlsoft
Mcafee
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

9.3
2016-05-20 CVE-2016-1831 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-05-20 CVE-2016-1829 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1830.

9.3
2016-05-20 CVE-2016-1828 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830.

9.3
2016-05-20 CVE-2016-1827 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, and CVE-2016-1830.

9.3
2016-05-20 CVE-2016-1826 Apple Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-05-16-4

Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3
2016-05-20 CVE-2016-1825 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-05-20 CVE-2016-1824 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823.

9.3
2016-05-20 CVE-2016-1823 Apple Out-Of-Bounds Read vulnerability in Apple products

The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824.

9.3
2016-05-20 CVE-2016-1822 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-05-20 CVE-2016-1821 Apple Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-05-16-4

IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

9.3
2016-05-20 CVE-2016-1820 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3
2016-05-20 CVE-2016-1819 Apple USE After Free vulnerability in Apple products

Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818.

9.3
2016-05-20 CVE-2016-1818 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1819.

9.3
2016-05-20 CVE-2016-1817 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819.

9.3
2016-05-20 CVE-2016-1816 Apple Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-05-16-4

IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

9.3
2016-05-20 CVE-2016-1815 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-05-20 CVE-2016-1813 Apple Null Pointer Dereference vulnerability in Apple products

The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

9.3
2016-05-20 CVE-2016-1812 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Buffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3
2016-05-20 CVE-2016-1810 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

The Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-05-20 CVE-2016-1808 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-05-20 CVE-2016-1806 Apple Improper Access Control vulnerability in Apple mac OS X

Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3
2016-05-20 CVE-2016-1805 Apple Improper Access Control vulnerability in Apple mac OS X

CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3
2016-05-20 CVE-2016-1804 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

The Multi-Touch subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-05-20 CVE-2016-1800 Apple Improper Input Validation vulnerability in Apple mac OS X

Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.

9.3
2016-05-20 CVE-2016-1799 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Audio in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-05-20 CVE-2016-1797 Apple Improper Access Control vulnerability in Apple mac OS X

Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app.

9.3
2016-05-20 CVE-2016-1795 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

AppleGraphicsPowerManagement in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-05-20 CVE-2016-1794 Apple Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-05-16-4

The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

9.3
2016-05-20 CVE-2016-1793 Apple Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-05-16-4

AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

9.3
2016-05-20 CVE-2016-1792 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

The AMD subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3

28 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-05-20 CVE-2016-1830 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1829.

8.5
2016-05-22 CVE-2016-4342 Opensuse
PHP
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.

8.3
2016-05-20 CVE-2016-1809 Apple Information Disclosure vulnerability in Apple Mac OS X

Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors.

7.8
2016-05-22 CVE-2016-4544 PHP
Opensuse
Fedoraproject
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

7.5
2016-05-22 CVE-2016-4543 HP
PHP
Fedoraproject
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

7.5
2016-05-22 CVE-2016-4542 PHP
Opensuse
Fedoraproject
Buffer Errors vulnerability in PHP

The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

7.5
2016-05-22 CVE-2016-4541 Fedoraproject
PHP
Opensuse
Local Memory Corruption vulnerability in PHP 'grapheme_string.c' Out of Bounds Read

The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.

7.5
2016-05-22 CVE-2016-4540 Fedoraproject
Opensuse
PHP
Local Memory Corruption vulnerability in PHP 'grapheme_string.c' Out of Bounds Read

The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.

7.5
2016-05-22 CVE-2016-4539 PHP
Opensuse
Fedoraproject
Buffer Errors vulnerability in PHP

The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.

7.5
2016-05-22 CVE-2016-4538 PHP
Fedoraproject
Opensuse
Improper Input Validation vulnerability in PHP

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.

7.5
2016-05-22 CVE-2016-4537 PHP
Opensuse
Fedoraproject
Improper Input Validation vulnerability in PHP

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.

7.5
2016-05-22 CVE-2016-4346 PHP
Opensuse
Numeric Errors vulnerability in PHP

Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.

7.5
2016-05-22 CVE-2016-4345 PHP Numeric Errors vulnerability in PHP

Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.

7.5
2016-05-22 CVE-2016-4344 PHP Numeric Errors vulnerability in PHP

Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow.

7.5
2016-05-22 CVE-2015-8876 PHP Security Bypass vulnerability in PHP

Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.

7.5
2016-05-20 CVE-2016-4073 PHP
Apple
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.

7.5
2016-05-20 CVE-2016-4072 PHP
Apple
Improper Input Validation vulnerability in multiple products

The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.

7.5
2016-05-20 CVE-2016-4071 PHP
Apple
Improper Input Validation vulnerability in multiple products

Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.

7.5
2016-05-20 CVE-2015-8865 PHP
Apple
Buffer Errors vulnerability in PHP

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

7.5
2016-05-16 CVE-2015-8835 PHP NULL Pointer Dereference Denial of Service vulnerability in PHP

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.

7.5
2016-05-16 CVE-2015-6835 PHP Remote Code Execution vulnerability in PHP 'php_var_unserialize()' Function Use After Free

The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.

7.5
2016-05-16 CVE-2015-6834 PHP Remote Code Execution vulnerability in PHP

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

7.5
2016-05-16 CVE-2015-4643 PHP
Debian
Redhat
Oracle
Buffer Errors vulnerability in PHP

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.

7.5
2016-05-16 CVE-2015-4598 Redhat
PHP
Improper Input Validation vulnerability in multiple products

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.

7.5
2016-05-16 CVE-2015-4116 Opensuse
PHP
Use After Free Local Arbitrary Code Execution vulnerability in PHP

Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.

7.5
2016-05-20 CVE-2016-1742 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Itunes

Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

7.2
2016-05-18 CVE-2016-4480 Oracle
XEN
Permissions, Privileges, and Access Controls vulnerability in multiple products

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.

7.2
2016-05-22 CVE-2015-8878 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.

7.1

92 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-05-22 CVE-2016-2157 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins.

6.8
2016-05-22 CVE-2016-4343 PHP Uninitialized Pointer Denial of Service vulnerability in PHP

The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.

6.8
2016-05-22 CVE-2015-8866 PHP
Canonical
XML External Entity Injection vulnerability in PHP 'libxml_disable_entity_loader()'

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.

6.8
2016-05-20 CVE-2016-3728 Theforeman Improper Access Control vulnerability in Theforeman Foreman 1.10.3/1.11.0/1.11.1

Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.

6.8
2016-05-20 CVE-2016-3693 Safemode Project Permissions, Privileges, and Access Controls vulnerability in Safemode Project Safemode

The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.

6.8
2016-05-20 CVE-2016-1859 Apple
Webkitgtk
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

6.8
2016-05-20 CVE-2016-1857 Apple
Webkitgtk
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.

6.8
2016-05-20 CVE-2016-1856 Apple
Webkitgtk
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857.

6.8
2016-05-20 CVE-2016-1855 Apple Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857.

6.8
2016-05-20 CVE-2016-1854 Apple
Webkitgtk
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.

6.8
2016-05-20 CVE-2016-1850 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.

6.8
2016-05-20 CVE-2016-1848 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.

6.8
2016-05-20 CVE-2016-1847 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

6.8
2016-05-20 CVE-2016-1841 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

6.8
2016-05-20 CVE-2016-1840 Debian
Apple
Canonical
Redhat
Xmlsoft
Mcafee
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

6.8
2016-05-20 CVE-2016-1835 Canonical
Apple
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.

6.8
2016-05-20 CVE-2016-1803 Apple Null Pointer Dereference vulnerability in Apple products

CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

6.8
2016-05-20 CVE-2016-2100 Theforeman Improper Access Control vulnerability in Theforeman Foreman

Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.

6.5
2016-05-16 CVE-2016-3185 PHP Improper Input Validation vulnerability in PHP

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.

6.4
2016-05-16 CVE-2015-3411 Redhat
PHP
Improper Input Validation vulnerability in multiple products

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.

6.4
2016-05-22 CVE-2016-2221 Wordpress Unspecified vulnerability in Wordpress

Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL.

5.8
2016-05-17 CVE-2016-3726 Jenkins
Redhat
Open Redirection vulnerability in Jenkins

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.

5.8
2016-05-22 CVE-2016-2190 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.

5.0
2016-05-22 CVE-2016-2222 Wordpress Unspecified vulnerability in Wordpress 4.4.1

The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php.

5.0
2016-05-22 CVE-2015-8879 PHP Improper Input Validation vulnerability in PHP

The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.

5.0
2016-05-22 CVE-2015-8877 Libgd
PHP
Resource Management Errors vulnerability in multiple products

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.

5.0
2016-05-22 CVE-2015-8867 PHP
Canonical
Cryptographic Issues vulnerability in multiple products

The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

5.0
2016-05-21 CVE-2016-1402 Cisco Buffer Errors vulnerability in Cisco Identity Services Engine Software 1.2.0.899

The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815.

5.0
2016-05-20 CVE-2016-4348 Gnome
Debian
Opensuse
Improper Input Validation vulnerability in multiple products

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

5.0
2016-05-20 CVE-2015-7558 Debian
Gnome
Improper Input Validation vulnerability in multiple products

librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.

5.0
2016-05-20 CVE-2015-7557 Gnome Improper Input Validation vulnerability in Gnome Librsvg

The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.

5.0
2016-05-20 CVE-2016-4070 PHP Numeric Errors vulnerability in PHP

** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function.

5.0
2016-05-20 CVE-2016-1853 Apple Information Exposure vulnerability in Apple mac OS X

Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.

5.0
2016-05-20 CVE-2016-1844 Apple Improper Access Control vulnerability in Apple mac OS X

The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors.

5.0
2016-05-20 CVE-2016-1843 Apple Improper Input Validation vulnerability in Apple mac OS X

The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2016-05-20 CVE-2016-1842 Apple Improper Access Control vulnerability in Apple Iphone OS, mac OS X and Watchos

MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.

5.0
2016-05-20 CVE-2016-1801 Apple Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos

The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2016-05-17 CVE-2016-4425 Jansson Project Improper Input Validation vulnerability in Jansson Project Jansson

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.

5.0
2016-05-17 CVE-2016-3725 Jenkins
Redhat
Permissions, Privileges, and Access Controls vulnerability in Jenkins

Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check.

5.0
2016-05-17 CVE-2016-3705 Canonical
Xmlsoft
Debian
HP
Opensuse
Improper Input Validation vulnerability in multiple products

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

5.0
2016-05-17 CVE-2016-3674 Debian
Fedoraproject
Xstream Project
Information Exposure vulnerability in multiple products

Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.

5.0
2016-05-17 CVE-2016-3627 Opensuse
Debian
HP
Xmlsoft
Canonical
Improper Input Validation vulnerability in multiple products

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

5.0
2016-05-16 CVE-2015-8874 Opensuse
PHP
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.

5.0
2016-05-16 CVE-2015-8873 PHP
Opensuse
Improper Input Validation vulnerability in PHP

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.

5.0
2016-05-16 CVE-2015-6838 PHP
Xmlsoft
Denial of Service vulnerability in PHP 'xsltprocessor.c' Null Pointer Deference

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.

5.0
2016-05-16 CVE-2015-6837 PHP
Xmlsoft
Denial of Service vulnerability in PHP 'valuePop()' Function Null Pointer Deference

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838.

5.0
2016-05-16 CVE-2015-4644 Redhat
PHP
Incomplete Fix Null Pointer Deference Denial of Service vulnerability in PHP

The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

5.0
2016-05-16 CVE-2015-4605 PHP
Redhat
Improper Input Validation vulnerability in PHP

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

5.0
2016-05-16 CVE-2015-4604 PHP
Redhat
Improper Input Validation vulnerability in PHP

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

5.0
2016-05-16 CVE-2015-3412 PHP
Redhat
Information Exposure vulnerability in PHP

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension.

5.0
2016-05-16 CVE-2014-0236 PHP NULL Pointer Dereference Denial of Service vulnerability in PHP

file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.

5.0
2016-05-20 CVE-2016-4439 Canonical
Qemu
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.

4.6
2016-05-20 CVE-2016-1832 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

4.6
2016-05-22 CVE-2016-2153 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as demonstrated by a search form field.

4.3
2016-05-22 CVE-2016-2152 Moodle Cross-Site Scripting vulnerability in Moodle

Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.

4.3
2016-05-22 CVE-2016-4567 Mediaelementjs
Wordpress
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."

4.3
2016-05-22 CVE-2016-4566 Wordpress
Plupload
Cross-Site Scripting vulnerability in Wordpress

Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.

4.3
2016-05-22 CVE-2016-1564 Wordpress Cross-Site Scripting vulnerability in Wordpress

Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.

4.3
2016-05-22 CVE-2015-8834 Wordpress Cross-Site Scripting vulnerability in Wordpress

Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.

4.3
2016-05-22 CVE-2015-5714 Wordpress Cross-Site Scripting vulnerability in Wordpress

Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.

4.3
2016-05-22 CVE-2014-9767 PHP
Hiphop Virtual Machine FOR PHP Project
Path Traversal vulnerability in PHP

Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.

4.3
2016-05-21 CVE-2016-1401 Cisco Cross-Site Scripting vulnerability in Cisco Unified Computing System Central Software 1.4(1A)

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250.

4.3
2016-05-20 CVE-2016-1858 Apple
Webkitgtk
Information Exposure vulnerability in multiple products

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.

4.3
2016-05-20 CVE-2016-1839 Apple
Canonical
Debian
Redhat
Mcafee
Xmlsoft
Out-Of-Bounds Read vulnerability in multiple products

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

4.3
2016-05-20 CVE-2016-1838 Canonical
Debian
Apple
Redhat
Mcafee
Xmlsoft
Out-Of-Bounds Read vulnerability in multiple products

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

4.3
2016-05-20 CVE-2016-1837 Canonical
Debian
Apple
Redhat
Mcafee
Xmlsoft
USE After Free vulnerability in multiple products

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.

4.3
2016-05-20 CVE-2016-1836 Canonical
Debian
Apple
Redhat
Xmlsoft
Mcafee
USE After Free vulnerability in multiple products

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

4.3
2016-05-20 CVE-2016-1833 Apple
Debian
Canonical
Redhat
Xmlsoft
Mcafee
Out-Of-Bounds Read vulnerability in multiple products

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

4.3
2016-05-20 CVE-2016-1814 Apple Null Pointer Dereference vulnerability in Apple Iphone OS, mac OS X and Tvos

IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.

4.3
2016-05-20 CVE-2016-1811 Apple Null Pointer Dereference vulnerability in Apple products

ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

4.3
2016-05-20 CVE-2016-1802 Apple Information Exposure vulnerability in Apple products

CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.

4.3
2016-05-20 CVE-2016-1798 Apple Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-05-16-4

Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.

4.3
2016-05-20 CVE-2016-1796 Apple Information Exposure vulnerability in Apple mac OS X

Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app.

4.3
2016-05-20 CVE-2016-1791 Apple Information Exposure vulnerability in Apple mac OS X

The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

4.3
2016-05-20 CVE-2016-1790 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

4.3
2016-05-17 CVE-2016-0306 IBM Information Exposure vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

4.3
2016-05-16 CVE-2015-8838 PHP Improper Access Control vulnerability in PHP

ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

4.3
2016-05-16 CVE-2015-3152 Oracle
Mariadb
Improper Access Control vulnerability in Oracle Mysql

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.

4.3
2016-05-22 CVE-2016-2159 Moodle Improper Access Control vulnerability in Moodle

The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request.

4.0
2016-05-22 CVE-2016-2158 Moodle Information Exposure vulnerability in Moodle

lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.

4.0
2016-05-22 CVE-2016-2156 Moodle Information Exposure vulnerability in Moodle

calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request.

4.0
2016-05-22 CVE-2016-2155 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude grade" settings by leveraging the Non-Editing Instructor role.

4.0
2016-05-22 CVE-2016-2154 Moodle Information Exposure vulnerability in Moodle

admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule.

4.0
2016-05-22 CVE-2016-2151 Moodle Information Exposure vulnerability in Moodle

user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail addresses by leveraging the teacher role and reading a Participants list.

4.0
2016-05-22 CVE-2015-5715 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.

4.0
2016-05-18 CVE-2016-0731 Apache Improper Access Control vulnerability in Apache Ambari

The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.

4.0
2016-05-17 CVE-2016-3727 Jenkins
Redhat
Information Exposure vulnerability in Jenkins

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.

4.0
2016-05-17 CVE-2016-3724 Redhat
Jenkins
Information Exposure vulnerability in multiple products

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.

4.0
2016-05-17 CVE-2016-3723 Jenkins
Redhat
Information Exposure vulnerability in Jenkins

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.

4.0
2016-05-17 CVE-2016-3722 Jenkins
Redhat
Permissions, Privileges, and Access Controls vulnerability in multiple products

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."

4.0
2016-05-17 CVE-2016-3721 Redhat
Jenkins
Code vulnerability in multiple products

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.

4.0
2016-05-17 CVE-2016-0323 IBM Improper Access Control vulnerability in IBM Bluemix

The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors.

4.0

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-05-22 CVE-2015-7989 Wordpress Cross-Site Scripting vulnerability in Wordpress

Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.

3.5
2016-05-20 CVE-2016-3739 Haxx Improper Input Validation vulnerability in Haxx Curl

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.

2.6
2016-05-20 CVE-2016-4441 Qemu
Canonical
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.

2.1
2016-05-20 CVE-2016-1852 Apple Information Exposure vulnerability in Apple Iphone OS

Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.

2.1
2016-05-20 CVE-2016-1851 Apple Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-05-16-4

The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.

2.1
2016-05-20 CVE-2016-1849 Apple Information Exposure vulnerability in Apple Iphone OS and Safari

The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.

2.1
2016-05-18 CVE-2016-0707 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Ambari

The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories.

2.1
2016-05-20 CVE-2016-1807 Apple Race Condition vulnerability in Apple products

Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.

1.9