Weekly Vulnerabilities Reports > August 1 to 7, 2016

Overview

244 new vulnerabilities reported during this period, including 33 critical vulnerabilities and 56 high severity vulnerabilities. This weekly summary report vulnerabilities in 100 products from 47 vendors including Google, Linux, Mozilla, Wireshark, and PHP. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", and "Improper Access Control".

  • 202 reported vulnerabilities are remotely exploitables.
  • 13 reported vulnerabilities have public exploit available.
  • 36 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 234 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 102 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 25 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

33 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-08-05 CVE-2016-3840 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.

10.0
2016-08-05 CVE-2014-9902 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.

10.0
2016-08-05 CVE-2016-6147 SAP OS Command Injection vulnerability in SAP Trex 7.10

An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.

10.0
2016-08-05 CVE-2016-6138 SAP Path Traversal vulnerability in SAP Trex 7.10

Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.

10.0
2016-08-03 CVE-2016-5670 Crestron Credentials Management vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface.

10.0
2016-08-03 CVE-2016-5640 Crestron Command Injection vulnerability in Crestron Airmedia Am-100 Firmware

Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a ..

10.0
2016-08-06 CVE-2015-8942 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246.

9.3
2016-08-06 CVE-2015-8941 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473.

9.3
2016-08-06 CVE-2015-8940 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367.

9.3
2016-08-06 CVE-2015-8939 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021.

9.3
2016-08-06 CVE-2015-8938 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022.

9.3
2016-08-06 CVE-2014-9891 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and Qualcomm internal bug CR550061.

9.3
2016-08-06 CVE-2014-9890 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177.

9.3
2016-08-06 CVE-2014-9887 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633.

9.3
2016-08-06 CVE-2014-9871 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR514717.

9.3
2016-08-06 CVE-2014-9870 Google
Linux
Permissions, Privileges, and Access Controls vulnerability in multiple products

The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.

9.3
2016-08-06 CVE-2014-9869 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualcomm internal bug CR514711.

9.3
2016-08-06 CVE-2014-9867 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702.

9.3
2016-08-06 CVE-2014-9866 Google Improper Input Validation vulnerability in Google Android

drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358.

9.3
2016-08-06 CVE-2014-9865 Google Improper Access Control vulnerability in Google Android

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013.

9.3
2016-08-06 CVE-2014-9864 Google Improper Input Validation vulnerability in Google Android

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841.

9.3
2016-08-06 CVE-2014-9863 Google Integer Overflow or Wraparound vulnerability in Google Android

Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470.

9.3
2016-08-05 CVE-2016-3857 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.

9.3
2016-08-05 CVE-2016-3851 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941.

9.3
2016-08-05 CVE-2016-3845 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876.

9.3
2016-08-05 CVE-2016-3844 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517.

9.3
2016-08-05 CVE-2016-3843 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.

9.3
2016-08-05 CVE-2016-3842 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.

9.3
2016-08-05 CVE-2016-3833 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712.

9.3
2016-08-02 CVE-2016-6193 Huawei Permissions, Privileges, and Access Controls vulnerability in Huawei P8 Smartphone Firmware

Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192.

9.3
2016-08-02 CVE-2016-6192 Huawei Permissions, Privileges, and Access Controls vulnerability in Huawei P8 Smartphone Firmware

Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193.

9.3
2016-08-02 CVE-2016-3737 Redhat Improper Input Validation vulnerability in Redhat Jboss Operations Network

The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.

9.0
2016-08-01 CVE-2016-1608 Novell Improper Access Control vulnerability in Novell Filr 1.2/2.0

vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter.

9.0

56 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-08-05 CVE-2016-3832 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098.

8.3
2016-08-07 CVE-2016-6515 Openbsd
Fedoraproject
Improper Input Validation vulnerability in multiple products

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

7.8
2016-08-05 CVE-2014-9901 Google Improper Access Control vulnerability in Google Android

The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711.

7.8
2016-08-05 CVE-2016-3848 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28919417.

7.6
2016-08-05 CVE-2016-3846 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378.

7.6
2016-08-05 CVE-2016-6140 SAP Improper Access Control vulnerability in SAP Trex 7.10

SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591.

7.6
2016-08-05 CVE-2016-6139 SAP Arbitrary File Read vulnerability in SAP Trex 7.10

SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.

7.6
2016-08-07 CVE-2015-0573 Linux NULL Pointer Dereference vulnerability in Linux Kernel

drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via a crafted application that makes a TSC_GET_CARD_STATUS ioctl call.

7.5
2016-08-07 CVE-2016-5146 Google Multiple Security vulnerability in Google Chrome Prior to 52.0.2743.116

Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2016-08-07 CVE-2016-5144 Google Improper Access Control vulnerability in Google Chrome

The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143.

7.5
2016-08-07 CVE-2016-5143 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144.

7.5
2016-08-07 CVE-2016-5142 Google Use After Free vulnerability in Google Chrome

The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.

7.5
2016-08-07 CVE-2016-5140 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome

Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data.

7.5
2016-08-07 CVE-2016-1951 Mozilla Integer Overflow or Wraparound vulnerability in Mozilla Netscape Portable Runtime

Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.

7.5
2016-08-07 CVE-2016-5773 PHP Use After Free vulnerability in PHP

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.

7.5
2016-08-07 CVE-2016-5772 PHP Double Free vulnerability in PHP

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.

7.5
2016-08-07 CVE-2016-5771 PHP Use After Free vulnerability in PHP

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.

7.5
2016-08-07 CVE-2016-5770 PHP Integer Overflow or Wraparound vulnerability in PHP

Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.

7.5
2016-08-07 CVE-2016-5769 PHP Integer Overflow or Wraparound vulnerability in PHP

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.

7.5
2016-08-07 CVE-2016-5768 PHP Double Free vulnerability in PHP

Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.

7.5
2016-08-07 CVE-2016-5096 PHP Integer Overflow or Wraparound vulnerability in PHP

Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.

7.5
2016-08-07 CVE-2016-5095 PHP Integer Overflow or Wraparound vulnerability in PHP

Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var call.

7.5
2016-08-07 CVE-2016-5094 PHP Integer Overflow or Wraparound vulnerability in PHP

Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.

7.5
2016-08-07 CVE-2016-5093 PHP Out-of-bounds Read vulnerability in PHP

The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.

7.5
2016-08-07 CVE-2016-3132 PHP Double Free vulnerability in PHP

Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index.

7.5
2016-08-07 CVE-2016-3078 PHP Integer Overflow or Wraparound vulnerability in PHP

Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.

7.5
2016-08-05 CVE-2016-3821 Google NULL Pointer Dereference vulnerability in Google Android

libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152.

7.5
2016-08-05 CVE-2016-3820 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1

The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410.

7.5
2016-08-05 CVE-2016-3819 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28533562.

7.5
2016-08-05 CVE-2016-2497 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489.

7.5
2016-08-05 CVE-2016-4999 Redhat SQL Injection vulnerability in Redhat products

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.

7.5
2016-08-05 CVE-2016-6150 SAP Improper Access Control vulnerability in SAP Hana

The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.

7.5
2016-08-05 CVE-2016-5261 Mozilla Integer Overflow or Wraparound vulnerability in Mozilla Firefox

Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.

7.5
2016-08-05 CVE-2016-5254 Mozilla
Oracle
Use After Free vulnerability in multiple products

Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.

7.5
2016-08-03 CVE-2016-5668 Crestron Multiple Security vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call.

7.5
2016-08-03 CVE-2016-5667 Crestron Multiple Security vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html.

7.5
2016-08-02 CVE-2016-6178 Huawei Improper Input Validation vulnerability in Huawei products

Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote attackers with control plane access to cause a denial of service or execute arbitrary code via a crafted packet.

7.5
2016-08-02 CVE-2016-5229 Atlassian Improper Access Control vulnerability in Atlassian Bamboo

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization.

7.5
2016-08-01 CVE-2016-4837 EC Cube SQL Injection vulnerability in Ec-Cube Discount Coupon

SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2016-08-01 CVE-2016-4373 HP Improper Access Control vulnerability in HP Operations Manager 9.20.0/9.21

The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

7.5
2016-08-07 CVE-2016-5340 Google
Linux
Improper Input Validation vulnerability in multiple products

The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.

7.2
2016-08-07 CVE-2015-0568 Linux Use After Free vulnerability in Linux Kernel

Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.

7.2
2016-08-07 CVE-2014-9410 Linux Improper Input Validation vulnerability in Linux Kernel

The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.

7.2
2016-08-06 CVE-2016-6187 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook.

7.2
2016-08-06 CVE-2016-3841 Google
Linux
Use After Free vulnerability in multiple products

The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.

7.2
2016-08-06 CVE-2014-9888 Linux
Google
Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735.

7.2
2016-08-02 CVE-2016-6258 XEN
Citrix
Improper Access Control vulnerability in multiple products

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

7.2
2016-08-02 CVE-2016-2408 Pulsesecure
Microsoft
Permissions, Privileges, and Access Controls vulnerability in Pulsesecure products

An unspecified client-side component in Pulse Secure Desktop Client before 5.0r15.1, 5.1rX before 5.1r9.1, and 5.2rX before 5.2r4.1; Installer Service (formerly Juniper Installer Service) and Collaboration (formerly Secure Meeting) before 8.0r15.1, 8.1rX before 8.1r9.1, and 8.2rX before 8.2r4.1; and Odyssey Access Client before 5.6r18 on Windows allows local users to gain administrative privileges via unknown vectors.

7.2
2016-08-02 CVE-2016-1712 Paloaltonetworks Improper Input Validation vulnerability in Paloaltonetworks Pan-Os

Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation.

7.2
2016-08-02 CVE-2016-1238 Debian
Perl
Permissions, Privileges, and Access Controls vulnerability in multiple products

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove .

7.2
2016-08-01 CVE-2016-1611 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Filr 1.2/2.0

Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands.

7.2
2016-08-05 CVE-2016-3830 Google Improper Input Validation vulnerability in Google Android

codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599.

7.1
2016-08-05 CVE-2016-3829 Google Encoding Error vulnerability in Google Android 6.0/6.0.1

The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29023649.

7.1
2016-08-05 CVE-2016-3828 Google Encoding Error vulnerability in Google Android 6.0/6.0.1

decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995.

7.1
2016-08-05 CVE-2016-3827 Google Encoding Error vulnerability in Google Android

codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956.

7.1
2016-08-05 CVE-2016-1276 Juniper Resource Management Errors vulnerability in Juniper Junos

Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X48 before 12.3X48-D25, and 15.1X49 before 15.1X49-D40 on a High-End SRX-Series chassis system with one or more Application Layer Gateways (ALGs) enabled allow remote attackers to cause a denial of service (CPU consumption, fab link failure, or flip-flop failovers) via vectors related to in-transit traffic matching ALG rules.

7.1

146 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-08-07 CVE-2016-2064 Linux Out-of-bounds Read vulnerability in Linux Kernel

sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted application that makes an ioctl call specifying many commands.

6.9
2016-08-06 CVE-2014-9868 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976.

6.9
2016-08-05 CVE-2016-3850 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug CR945164.

6.9
2016-08-05 CVE-2016-3849 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740.

6.9
2016-08-05 CVE-2016-3847 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433.

6.9
2016-08-05 CVE-2016-2504 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974.

6.9
2016-08-05 CVE-2016-1278 Juniper Improper Authentication vulnerability in Juniper Junos 12.1X44/12.1X46

Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option.

6.9
2016-08-07 CVE-2016-2065 Linux Out-of-bounds Write vulnerability in Linux Kernel

sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer.

6.8
2016-08-07 CVE-2016-5145 Google 7PK - Security Features vulnerability in Google Chrome

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

6.8
2016-08-07 CVE-2016-5139 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome 52.0.2743.82

Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.

6.8
2016-08-07 CVE-2016-6635 Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Wordpress

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option.

6.8
2016-08-07 CVE-2016-5767 Libgd
PHP
Integer Overflow or Wraparound vulnerability in Libgd

Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.

6.8
2016-08-07 CVE-2016-5766 Redhat
Freebsd
Libgd
PHP
Fedoraproject
Debian
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.

6.8
2016-08-07 CVE-2013-7456 Libgd
PHP
Out-of-bounds Read vulnerability in Libgd 2.1.0

gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.

6.8
2016-08-06 CVE-2016-3856 Google Data Processing Errors vulnerability in Google Android

netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631.

6.8
2016-08-06 CVE-2016-3855 Google Out-of-bounds Read vulnerability in Google Android

drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR990824.

6.8
2016-08-06 CVE-2016-3854 Google Out-of-bounds Read vulnerability in Google Android

drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR897326.

6.8
2016-08-06 CVE-2015-8943 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226.

6.8
2016-08-06 CVE-2015-8937 Google Data Processing Errors vulnerability in Google Android

drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548.

6.8
2016-08-06 CVE-2014-9889 Google Improper Input Validation vulnerability in Google Android

drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712.

6.8
2016-08-06 CVE-2014-9886 Google Improper Input Validation vulnerability in Google Android

arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030.

6.8
2016-08-06 CVE-2014-9885 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261.

6.8
2016-08-06 CVE-2014-9884 Google Improper Input Validation vulnerability in Google Android

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740.

6.8
2016-08-06 CVE-2014-9883 Google Integer Underflow (Wrap or Wraparound) vulnerability in Google Android

Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160.

6.8
2016-08-06 CVE-2014-9882 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329.

6.8
2016-08-06 CVE-2014-9881 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android internal bug 28769368 and Qualcomm internal bug CR539008.

6.8
2016-08-06 CVE-2014-9880 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356.

6.8
2016-08-06 CVE-2014-9879 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490.

6.8
2016-08-06 CVE-2014-9878 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479.

6.8
2016-08-06 CVE-2014-9877 Google Data Processing Errors vulnerability in Google Android

drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28768281 and Qualcomm internal bug CR547231.

6.8
2016-08-06 CVE-2014-9876 Google Numeric Errors vulnerability in Google Android

drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408.

6.8
2016-08-06 CVE-2014-9875 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310.

6.8
2016-08-06 CVE-2014-9874 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and Qualcomm internal bug CR563086.

6.8
2016-08-06 CVE-2014-9873 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860.

6.8
2016-08-06 CVE-2014-9872 Google Improper Input Validation vulnerability in Google Android

The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721.

6.8
2016-08-05 CVE-2016-3822 Google
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.

6.8
2016-08-05 CVE-2016-5392 Redhat Information Exposure vulnerability in Redhat Openshift 3.2

The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.

6.8
2016-08-05 CVE-2016-1513 Apache Out-of-bounds Read vulnerability in Apache Openoffice

The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.

6.8
2016-08-05 CVE-2016-5264 Mozilla
Oracle
Use After Free vulnerability in multiple products

Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.

6.8
2016-08-05 CVE-2016-5263 Mozilla
Oracle
Incorrect Type Conversion or Cast vulnerability in multiple products

The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."

6.8
2016-08-05 CVE-2016-5259 Mozilla
Oracle
Use After Free vulnerability in multiple products

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.

6.8
2016-08-05 CVE-2016-5258 Oracle
Mozilla
Use After Free vulnerability in multiple products

Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.

6.8
2016-08-05 CVE-2016-5255 Mozilla Use After Free vulnerability in Mozilla Firefox

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.

6.8
2016-08-05 CVE-2016-5252 Oracle
Mozilla
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.

6.8
2016-08-05 CVE-2016-2838 Mozilla Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR

Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.

6.8
2016-08-05 CVE-2016-2837 Mozilla
Oracle
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.

6.8
2016-08-05 CVE-2016-2836 Mozilla Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.

6.8
2016-08-05 CVE-2016-2835 Mozilla Multiple Security vulnerability in Mozilla Firefox

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

6.8
2016-08-03 CVE-2016-5671 Crestron Cross-Site Request Forgery (CSRF) vulnerability in Crestron Dm-Txrx-100-Str Firmware

Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users.

6.8
2016-08-01 CVE-2016-5138 Google Integer Overflow or Wraparound vulnerability in Google Chrome

Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unrestricted multiplication.

6.8
2016-08-01 CVE-2016-1605 Netiq Path Traversal vulnerability in Netiq Sentinel 7.4/7.4.1

Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field.

6.8
2016-08-01 CVE-2016-1607 Novell Cross-Site Request Forgery (CSRF) vulnerability in Novell Filr 1.2/2.0

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.

6.5
2016-08-07 CVE-2016-5116 Libgd
PHP
Opensuse
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.

6.4
2016-08-07 CVE-2016-5114 PHP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP

sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.

6.4
2016-08-06 CVE-2016-5696 Google
Oracle
Linux
Information Exposure vulnerability in multiple products

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

5.8
2016-08-05 CVE-2016-5266 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.

5.8
2016-08-01 CVE-2016-5672 Intel Improper Input Validation vulnerability in Intel Crosswalk 19.49.514.4

Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate.

5.8
2016-08-01 CVE-2016-4834 Vtiger Permissions, Privileges, and Access Controls vulnerability in Vtiger CRM

modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors.

5.5
2016-08-07 CVE-2015-3854 Google Improper Access Control vulnerability in Google Android

packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350.

5.0
2016-08-07 CVE-2016-5141 Google Improper Input Validation vulnerability in Google Chrome

Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.

5.0
2016-08-07 CVE-2016-4029 Wordpress Improper Authorization vulnerability in Wordpress

WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.

5.0
2016-08-07 CVE-2016-6128 Debian
Opensuse
Libgd
Canonical
Improper Input Validation vulnerability in multiple products

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.

5.0
2016-08-05 CVE-2016-3831 Google Improper Input Validation vulnerability in Google Android

The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a "Year 2038 problem."

5.0
2016-08-05 CVE-2016-6148 SAP Improper Input Validation vulnerability in SAP Hana 1.00.73.00.389160

SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136.

5.0
2016-08-05 CVE-2016-6145 SAP Information Exposure vulnerability in SAP Hana DB 1.00.091.00.1418659308

The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869.

5.0
2016-08-05 CVE-2016-5250 Mozilla Information Exposure vulnerability in Mozilla Firefox

Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.

5.0
2016-08-03 CVE-2016-5669 Crestron Multiple Security vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship.

5.0
2016-08-03 CVE-2016-5666 Crestron Multiple Security vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1.

5.0
2016-08-03 CVE-2016-5639 Crestron Path Traversal vulnerability in Crestron Airmedia Am-100 Firmware

Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a ..

5.0
2016-08-02 CVE-2016-6232 Canonical
KDE
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.

5.0
2016-08-01 CVE-2016-2180 Openssl
Oracle
Out-of-bounds Read vulnerability in multiple products

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.

5.0
2016-08-01 CVE-2016-1610 Novell Path Traversal vulnerability in Novell Filr 1.2/2.0

Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a ..

5.0
2016-08-01 CVE-2016-1461 Cisca Improper Input Validation vulnerability in Cisca Email Security Appliance

Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932.

5.0
2016-08-06 CVE-2016-6198 Linux
Oracle
Improper Access Control vulnerability in Linux Kernel

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.

4.9
2016-08-06 CVE-2016-6197 Oracle
Linux
Improper Input Validation vulnerability in multiple products

fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.

4.9
2016-08-06 CVE-2016-5400 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations.

4.9
2016-08-05 CVE-2016-3853 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208.

4.9
2016-08-02 CVE-2016-6259 XEN
Citrix
Improper Input Validation vulnerability in multiple products

Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.

4.9
2016-08-02 CVE-2016-5403 Canonical
Oracle
Qemu
Debian
Redhat
Resource Exhaustion vulnerability in multiple products

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

4.9
2016-08-06 CVE-2016-6480 Linux Race Condition vulnerability in Linux Kernel

Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.

4.7
2016-08-05 CVE-2016-5253 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.

4.7
2016-08-07 CVE-2016-2063 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application that sends a large amount of data through the debugfs interface.

4.6
2016-08-06 CVE-2016-6162 Linux Improper Input Validation vulnerability in Linux Kernel 4.7

net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via certain IPv6 socket operations.

4.6
2016-08-06 CVE-2016-5412 Linux Resource Management Errors vulnerability in Linux Kernel

arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction.

4.6
2016-08-06 CVE-2016-3070 Debian
Linux
NULL Pointer Dereference vulnerability in multiple products

The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.

4.6
2016-08-05 CVE-2016-3826 Google Improper Input Validation vulnerability in Google Android

services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug 29251553.

4.6
2016-08-05 CVE-2016-3825 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964.

4.6
2016-08-05 CVE-2016-3824 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827.

4.6
2016-08-05 CVE-2016-3823 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329.

4.6
2016-08-02 CVE-2016-6185 Perl
Fedoraproject
Debian
Oracle
Canonical
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
4.6
2016-08-06 CVE-2016-6516 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability.

4.4
2016-08-07 CVE-2016-6634 Wordpress Cross-site Scripting vulnerability in Wordpress

Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2016-08-07 CVE-2016-5359 Wireshark Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark

epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet.

4.3
2016-08-07 CVE-2016-5358 Wireshark
Oracle
Improper Input Validation vulnerability in multiple products

epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2016-08-07 CVE-2016-5357 Wireshark
Oracle
Improper Input Validation vulnerability in multiple products

wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

4.3
2016-08-07 CVE-2016-5356 Wireshark Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark

wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

4.3
2016-08-07 CVE-2016-5355 Wireshark Improper Input Validation vulnerability in Wireshark

wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

4.3
2016-08-07 CVE-2016-5354 Wireshark NULL Pointer Dereference vulnerability in Wireshark

The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2016-08-07 CVE-2016-5353 Wireshark Improper Input Validation vulnerability in Wireshark

epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2016-08-07 CVE-2016-5352 Wireshark Out-of-bounds Read vulnerability in Wireshark

epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2016-08-07 CVE-2016-5351 Wireshark Improper Input Validation vulnerability in Wireshark

epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2016-08-07 CVE-2016-5350 Wireshark Resource Management Errors vulnerability in Wireshark

epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

4.3
2016-08-07 CVE-2015-8935 PHP Cross-site Scripting vulnerability in PHP

The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.

4.3
2016-08-06 CVE-2016-6513 Wireshark Resource Management Errors vulnerability in Wireshark

epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2016-08-06 CVE-2016-6512 Wireshark Improper Input Validation vulnerability in Wireshark

epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.

4.3
2016-08-06 CVE-2016-6511 Wireshark Resource Management Errors vulnerability in Wireshark

epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet.

4.3
2016-08-06 CVE-2016-6510 Wireshark Numeric Errors vulnerability in Wireshark

Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.

4.3
2016-08-06 CVE-2016-6509 Wireshark Improper Input Validation vulnerability in Wireshark

epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2016-08-06 CVE-2016-6508 Wireshark Resource Management Errors vulnerability in Wireshark

epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.

4.3
2016-08-06 CVE-2016-6507 Wireshark Resource Management Errors vulnerability in Wireshark

epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

4.3
2016-08-06 CVE-2016-6506 Wireshark Resource Management Errors vulnerability in Wireshark

epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

4.3
2016-08-06 CVE-2016-6505 Wireshark Divide By Zero vulnerability in Wireshark

epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.

4.3
2016-08-06 CVE-2016-6504 Wireshark NULL Pointer Dereference vulnerability in Wireshark

epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.

4.3
2016-08-06 CVE-2016-6503 Wireshark Improper Input Validation vulnerability in Wireshark

The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2016-08-06 CVE-2015-8944 Google
Linux
Information Exposure vulnerability in multiple products

The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116.

4.3
2016-08-06 CVE-2014-9900 Google
Linux
Information Exposure vulnerability in multiple products

The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.

4.3
2016-08-06 CVE-2014-9899 Google Information Exposure vulnerability in Google Android

drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and Qualcomm internal bug CR547910.

4.3
2016-08-06 CVE-2014-9898 Google Information Exposure vulnerability in Google Android

arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575.

4.3
2016-08-06 CVE-2014-9897 Google Information Exposure vulnerability in Google Android

sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bug CR563752.

4.3
2016-08-06 CVE-2014-9896 Google Information Exposure vulnerability in Google Android

drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795.

4.3
2016-08-06 CVE-2014-9895 Google
Linux
Information Exposure vulnerability in multiple products

drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739.

4.3
2016-08-06 CVE-2014-9894 Google Information Exposure vulnerability in Google Android

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736.

4.3
2016-08-06 CVE-2014-9893 Google Information Exposure vulnerability in Google Android

drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm internal bug CR542223.

4.3
2016-08-06 CVE-2014-9892 Google
Linux
Information Exposure vulnerability in multiple products

The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.

4.3
2016-08-05 CVE-2016-3852 Google Information Exposure vulnerability in Google Android

The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738.

4.3
2016-08-05 CVE-2016-3839 Google Improper Access Control vulnerability in Google Android

Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug 28885210.

4.3
2016-08-05 CVE-2016-3838 Google Improper Access Control vulnerability in Google Android 6.0/6.0.1

Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672.

4.3
2016-08-05 CVE-2016-3837 Google Information Exposure vulnerability in Google Android

service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application that provides a MAC address with too few characters, aka internal bug 28164077.

4.3
2016-08-05 CVE-2016-3836 Google Information Exposure vulnerability in Google Android

The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402.

4.3
2016-08-05 CVE-2016-3835 Google Information Exposure vulnerability in Google Android

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116.

4.3
2016-08-05 CVE-2016-3834 Google Information Exposure vulnerability in Google Android

The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701.

4.3
2016-08-05 CVE-2016-6186 Debian
Djangoproject
Cross-site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.

4.3
2016-08-05 CVE-2016-6144 SAP Improper Access Control vulnerability in SAP Hana 1.0/1.00

The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869.

4.3
2016-08-05 CVE-2016-5000 Apache XXE vulnerability in Apache POI

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

4.3
2016-08-05 CVE-2016-3097 Redhat Cross-site Scripting vulnerability in Redhat Network Satellite 5.7

Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.

4.3
2016-08-05 CVE-2016-3080 Redhat Cross-site Scripting vulnerability in Redhat Network Satellite 5.7

Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.

4.3
2016-08-05 CVE-2016-5268 Mozilla 7PK - Security Features vulnerability in Mozilla Firefox

Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring.

4.3
2016-08-05 CVE-2016-5267 Mozilla
Google
Improper Input Validation vulnerability in Mozilla Firefox

Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.

4.3
2016-08-05 CVE-2016-5262 Mozilla
Oracle
Cross-site Scripting vulnerability in multiple products

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.

4.3
2016-08-05 CVE-2016-5260 Mozilla Information Exposure vulnerability in Mozilla Firefox

Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.

4.3
2016-08-05 CVE-2016-5251 Mozilla Improper Input Validation vulnerability in Mozilla Firefox

Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.

4.3
2016-08-05 CVE-2016-2839 Linux
Ffmpeg
Mozilla
Improper Input Validation vulnerability in Mozilla Firefox and Firefox ESR

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.

4.3
2016-08-05 CVE-2016-2830 Mozilla Information Exposure vulnerability in Mozilla Firefox and Firefox ESR

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.

4.3
2016-08-03 CVE-2016-4833 Nofollow Links Project Cross-site Scripting vulnerability in Nofollow Links Project Nofollow Links

Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2016-08-05 CVE-2016-5265 Oracle
Mozilla
Information Exposure vulnerability in multiple products

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.

4.0
2016-08-01 CVE-2016-3120 MIT NULL Pointer Dereference vulnerability in MIT Kerberos 5

The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.

4.0

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-08-05 CVE-2016-0782 Apache Cross-site Scripting vulnerability in Apache Activemq

The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.

3.5
2016-08-05 CVE-2016-3196 Fortinet Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware

Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.

3.5
2016-08-01 CVE-2016-1609 Novell Cross-site Scripting vulnerability in Novell Filr 1.2/2.0

Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.

3.5
2016-08-02 CVE-2016-6257 Amazonbasics
Dell
Logitech
Lenovo
Cryptographic Issues vulnerability in multiple products

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."

3.3
2016-08-05 CVE-2016-6149 SAP Information Exposure vulnerability in SAP Hana Sps09 1.00.091.00.14186593

SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941.

2.1
2016-08-05 CVE-2016-3640 SAP Information Exposure vulnerability in SAP Hana DB 1.00.091.00.14186593

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.

2.1
2016-08-06 CVE-2016-6156 Linux Race Condition vulnerability in Linux Kernel

Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.

1.9
2016-08-06 CVE-2016-6136 Linux Race Condition vulnerability in Linux Kernel

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.

1.9
2016-08-05 CVE-2015-8945 Openshift Credentials Management vulnerability in Openshift Origin

openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.

1.9