Weekly Vulnerabilities Reports > June 6 to 12, 2016
Overview
96 new vulnerabilities were reported during this period, including 9 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary reports vulnerabilities in 133 products from 47 vendors including HP, Redhat, Debian, Canonical, and Opensuse. Vulnerabilities are notably categorized as "Information Exposure", "Improper Input Validation", "Improper Access Control", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Permissions, Privileges, and Access Controls".
- 72 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 21 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 68 reported vulnerabilities are exploitable by an anonymous user.
- HP has the most reported vulnerabilities, with 27 reported vulnerabilities.
- Redhat has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
9 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-06-10 | CVE-2016-4328 | Medhost | Hard Coded Credentials Authentication Bypass vulnerability in MEDHOST PIMS MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server. | 10.0 |
2016-06-10 | CVE-2016-0916 | EMC | Improper Authentication vulnerability in EMC Networker EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance. | 10.0 |
2016-06-09 | CVE-2016-2310 | GE | Use of Hard-coded Credentials vulnerability in GE Multilink Firmware General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. | 10.0 |
2016-06-10 | CVE-2016-5118 | Graphicsmagick Suse Oracle Opensuse Canonical Debian Imagemagick | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a \| (pipe) character at the start of a filename. | 9.8 |
2016-06-09 | CVE-2016-4448 | HP Apple Xmlsoft Redhat Slackware Oracle Tenable Mcafee | Use of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | 9.8 |
2016-06-09 | CVE-2016-0749 | Opensuse Debian Redhat Spice Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow. | 9.8 |
2016-06-07 | CVE-2016-4437 | Apache Redhat | Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. | 9.8 |
2016-06-07 | CVE-2015-7611 | Apache | OS Command Injection vulnerability in Apache James Server 2.3.2 Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors. | 9.3 |
2016-06-08 | CVE-2016-2160 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Openshift and Openshift Origin Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. | 9.0 |
31 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-06-08 | CVE-2016-3738 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Openshift 3.2 Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod. | 8.8 |
2016-06-07 | CVE-2016-3072 | Katello Redhat | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter. | 8.8 |
2016-06-07 | CVE-2016-2335 | Opensuse Debian 7 ZIP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file. | 8.8 |
2016-06-08 | CVE-2016-2020 | HP | Unspecified vulnerability in HP products HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030. | 8.5 |
2016-06-07 | CVE-2015-5723 | Zend Debian Doctrine Project | Permissions, Privileges, and Access Controls vulnerability in multiple products Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code. | 7.8 |
2016-06-07 | CVE-2015-5260 | Redhat Debian Canonical Spice Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter. | 7.8 |
2016-06-08 | CVE-2016-2021 | HP | Unspecified vulnerability in HP products HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030. | 7.7 |
2016-06-08 | CVE-2016-2019 | HP | Unspecified vulnerability in HP products HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030. | 7.7 |
2016-06-08 | CVE-2015-8798 | Broadcom | Path Traversal vulnerability in Broadcom products Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors. | 7.7 |
2016-06-10 | CVE-2016-3720 | Fedoraproject Fasterxml | XML External Entity Injection vulnerability in FasterXML Jackson XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors. | 7.5 |
2016-06-10 | CVE-2016-3706 | Opensuse GNU | Improper Input Validation vulnerability in multiple products Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. | 7.5 |
2016-06-10 | CVE-2016-2786 | Puppet | Improper Input Validation vulnerability in Puppet Agent and Puppet Enterprise The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate. | 7.5 |
2016-06-10 | CVE-2016-2785 | Puppet | Improper Access Control vulnerability in Puppet Puppet, Puppet Agent and Puppet Server Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding. | 7.5 |
2016-06-10 | CVE-2016-4326 | Chef | Remote Code Execution vulnerability in Chef Manage add-on The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie. | 7.5 |
2016-06-09 | CVE-2016-4447 | HP Canonical Debian Oracle Apple Xmlsoft Mcafee | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. | 7.5 |
2016-06-09 | CVE-2016-4523 | Trihedral | Out-of-bounds Read vulnerability in Trihedral Vtscada The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors. | 7.5 |
2016-06-08 | CVE-2016-5108 | Debian Videolan | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | 7.5 |
2016-06-08 | CVE-2016-4368 | HP | Improper Input Validation vulnerability in HP products HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 7.5 |
2016-06-08 | CVE-2016-4366 | HP | Security vulnerability in HP Systems Insight Manager HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. | 7.5 |
2016-06-08 | CVE-2016-4359 | HP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP Loadrunner and Performance Center Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516. | 7.5 |
2016-06-08 | CVE-2016-4357 | HP | Unspecified vulnerability in HP products HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028. | 7.5 |
2016-06-08 | CVE-2016-2024 | HP | Security vulnerability in Multiple HP Products HPE Insight Control before 7.5.1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. | 7.5 |
2016-06-07 | CVE-2016-3087 | Apache | Improper Input Validation vulnerability in Apache Struts Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin. | 7.5 |
2016-06-07 | CVE-2015-7695 | Zend Debian | SQL Injection vulnerability in multiple products The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query. | 7.5 |
2016-06-07 | CVE-2014-9746 | Freetype Debian | Improper Input Validation vulnerability in multiple products The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font. | 7.5 |
2016-06-10 | CVE-2016-1420 | Cisco | Unspecified vulnerability in Cisco products The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347. | 7.2 |
2016-06-08 | CVE-2016-4364 | HP | Local Privilege Escalation vulnerability in HP Insight Control server deployment HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors. | 7.2 |
2016-06-08 | CVE-2016-1418 | Cisco | Improper Input Validation vulnerability in Cisco Aironet Access Point Software 8.2(100.0) Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037. | 7.2 |
2016-06-07 | CVE-2015-5228 | Opensuse Criu | Permissions, Privileges, and Access Controls vulnerability in multiple products The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path. | 7.2 |
2016-06-08 | CVE-2016-3708 | Redhat | Improper Access Control vulnerability in Redhat Openshift 3.2 Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary. | 7.1 |
2016-06-08 | CVE-2015-8799 | Broadcom | Path Traversal vulnerability in Broadcom products Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors. | 7.1 |
45 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-06-10 | CVE-2016-4494 | KMC Controls | Cross-Site Request Forgery (CSRF) vulnerability in KMC Controls Bac-5051E Firmware Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file. | 6.8 |
2016-06-10 | CVE-2016-1419 | Cisco | Improper Input Validation vulnerability in Cisco Aironet Access Point Software 8.2(102.43) Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803. | 6.8 |
2016-06-07 | CVE-2016-4962 | Oracle XEN | Permissions, Privileges, and Access Controls vulnerability in multiple products The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore. | 6.8 |
2016-06-09 | CVE-2016-4370 | HPE | Remote Command Execution vulnerability in HP Project and Portfolio Management Center HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors. | 6.5 |
2016-06-08 | CVE-2016-2149 | Redhat | Information Exposure vulnerability in Redhat Openshift 3.2 Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace. | 6.5 |
2016-06-08 | CVE-2016-4369 | HP | Improper Access Control vulnerability in HP Discovery and Dependency Mapping Inventory 9.30/9.31/9.32 HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 6.5 |
2016-06-08 | CVE-2015-8157 | Broadcom | SQL Injection vulnerability in Broadcom products SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2016-06-09 | CVE-2016-4532 | Trihedral | Path Traversal vulnerability in Trihedral Vtscada Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. | 6.4 |
2016-06-09 | CVE-2016-4510 | Trihedral | Improper Authentication vulnerability in Trihedral Vtscada The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors. | 6.4 |
2016-06-08 | CVE-2016-4360 | HP | Remote Code Execution and Denial of Service vulnerability in HP Loadrunner and Performance Center web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555. | 6.4 |
2016-06-08 | CVE-2016-2029 | HP | Unspecified vulnerability in HP products HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358. | 6.4 |
2016-06-08 | CVE-2016-2018 | HP | Unspecified vulnerability in HP products HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | 6.4 |
2016-06-06 | CVE-2015-5041 | IBM Suse Redhat | Information Exposure vulnerability in multiple products The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods. | 6.4 |
2016-06-10 | CVE-2016-4429 | Opensuse GNU Canonical | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. | 5.9 |
2016-06-10 | CVE-2016-3085 | Apache | 7PK - Security Features vulnerability in Apache Cloudstack Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin. | 5.8 |
2016-06-09 | CVE-2016-4449 | Debian Canonical Xmlsoft | Improper Input Validation vulnerability in multiple products XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | 5.8 |
2016-06-08 | CVE-2016-2142 | Redhat | Information Exposure vulnerability in Redhat Openshift 3.1 Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file. | 5.5 |
2016-06-08 | CVE-2016-4362 | HP | Security Bypass vulnerability in HP Insight Control Server Deployment HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | 5.5 |
2016-06-08 | CVE-2016-2030 | HP | Unspecified vulnerability in HP products HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022. | 5.5 |
2016-06-08 | CVE-2016-2028 | HP | Unspecified vulnerability in HP products HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357. | 5.5 |
2016-06-08 | CVE-2016-2017 | HP | Unspecified vulnerability in HP products HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030. | 5.5 |
2016-06-08 | CVE-2016-3703 | Redhat | Improper Access Control vulnerability in Redhat Openshift 3.1/3.2 Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter. | 5.3 |
2016-06-07 | CVE-2016-3093 | Ognl Project Apache | Improper Input Validation vulnerability in multiple products Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors. | 5.3 |
2016-06-10 | CVE-2016-4495 | KMC Controls | Improper Access Control vulnerability in KMC Controls Bac-5051E Firmware KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors. | 5.0 |
2016-06-10 | CVE-2016-1421 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1) A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. | 5.0 |
2016-06-10 | CVE-2015-8268 | Idera | Information Exposure vulnerability in Idera Uptime Infrastructure Monitor 7.5/7.6 The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2016-06-08 | CVE-2016-4367 | HP | Information Exposure vulnerability in HP Universal CMDB Foundation The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2016-06-08 | CVE-2016-4365 | HP | Information Disclosure vulnerability in HP Insight Control Server Deployment HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2016-06-08 | CVE-2016-4361 | HP | Remote Code Execution and Denial of Service vulnerability in HP Loadrunner and Performance Center HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors. | 5.0 |
2016-06-08 | CVE-2016-2027 | HP | Information Exposure vulnerability in HP products HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026. | 5.0 |
2016-06-08 | CVE-2016-2026 | HP | Information Exposure vulnerability in HP products HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027. | 5.0 |
2016-06-08 | CVE-2016-1405 | Clamav Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. | 5.0 |
2016-06-07 | CVE-2016-4545 | F5 | Improper Input Validation vulnerability in F5 products Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake. | 5.0 |
2016-06-07 | CVE-2016-4450 | Canonical F5 Debian | NULL Pointer Dereference vulnerability in multiple products os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. | 5.0 |
2016-06-07 | CVE-2014-9747 | Freetype Debian | Resource Management Errors vulnerability in multiple products The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font. | 5.0 |
2016-06-08 | CVE-2015-8800 | Broadcom | Injection vulnerability in Broadcom products Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access. | 4.9 |
2016-06-08 | CVE-2016-4358 | HP | Unspecified vulnerability in HP products HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029. | 4.8 |
2016-06-08 | CVE-2016-2022 | HP | Unspecified vulnerability in HP products HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030. | 4.7 |
2016-06-07 | CVE-2016-5242 | XEN | Denial of Service vulnerability in Xen VMID Exhaustion The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion. | 4.7 |
2016-06-10 | CVE-2016-5233 | Huawei | Information Exposure vulnerability in Huawei Mate 8 Firmware Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors involving improper security status verification, aka HWPSIRT-2015-12007. | 4.3 |
2016-06-10 | CVE-2016-0910 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC Data Domain OS EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors. | 4.3 |
2016-06-08 | CVE-2016-4363 | HP | Cross-site Scripting vulnerability in HP Insight Control Server Deployment HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors. | 4.3 |
2016-06-08 | CVE-2016-2078 | Microsoft Vmware | Cross-site Scripting vulnerability in VMWare Vcenter Server Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter. | 4.3 |
2016-06-07 | CVE-2013-7440 | Python | Data Processing Errors vulnerability in Python The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. | 4.3 |
2016-06-07 | CVE-2014-8177 | Redhat | Improper Access Control vulnerability in Redhat products The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined. | 4.0 |
11 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-06-09 | CVE-2016-2150 | Redhat Microsoft Opensuse Debian Spice Project | Improper Access Control vulnerability in multiple products SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. | 3.6 |
2016-06-07 | CVE-2015-5261 | Canonical Redhat Debian Spice Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. | 3.6 |
2016-06-08 | CVE-2016-3711 | Redhat | Information Exposure vulnerability in Redhat OpenShift and OpenShift Origin HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. | 3.3 |
2016-06-10 | CVE-2016-4524 | ABB | Improper Access Control vulnerability in ABB PCM600 ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors. | 2.1 |
2016-06-10 | CVE-2016-4516 | ABB | Information Exposure vulnerability in ABB PCM600 ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors. | 2.1 |
2016-06-09 | CVE-2016-1582 | Canonical | Information Exposure vulnerability in Canonical LXD and Ubuntu Linux LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors. | 2.1 |
2016-06-09 | CVE-2016-1581 | Canonical | Improper Access Control vulnerability in Canonical LXD and Ubuntu Linux LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors. | 2.1 |
2016-06-07 | CVE-2015-5231 | Criu Opensuse | Information Exposure vulnerability in multiple products The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access. | 2.1 |
2016-06-10 | CVE-2016-4527 | ABB | Credentials Management vulnerability in ABB PCM600 ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors. | 1.9 |
2016-06-10 | CVE-2016-4511 | ABB | Cryptographic Issues vulnerability in ABB PCM600 ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file. | 1.9 |
2016-06-07 | CVE-2016-4963 | XEN | Improper Access Control vulnerability in XEN The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore. | 1.9 |