Weekly Vulnerabilities Reports > September 12 to 18, 2016

Overview

159 new vulnerabilities reported during this period, including 28 critical vulnerabilities and 53 high severity vulnerabilities. This weekly summary report vulnerabilities in 96 products from 21 vendors including Microsoft, Adobe, PHP, Cisco, and Apple. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Out-of-bounds Write", "Use After Free", and "Permissions, Privileges, and Access Controls".

  • 142 reported vulnerabilities are remotely exploitables.
  • 7 reported vulnerabilities have public exploit available.
  • 21 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 149 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 53 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 16 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

28 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-09-17 CVE-2016-6938 Apple
Microsoft
Adobe
Use After Free vulnerability in Adobe products

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4255.

10.0
2016-09-17 CVE-2016-6937 Apple
Microsoft
Adobe
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.

10.0
2016-09-16 CVE-2016-4263 Adobe Use After Free vulnerability in Adobe Digital Editions

Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors.

10.0
2016-09-16 CVE-2016-4262 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Digital Editions

Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, and CVE-2016-4261.

10.0
2016-09-16 CVE-2016-4261 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Digital Editions

Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, and CVE-2016-4262.

10.0
2016-09-16 CVE-2016-4260 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Digital Editions

Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4261, and CVE-2016-4262.

10.0
2016-09-16 CVE-2016-4259 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Digital Editions

Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262.

10.0
2016-09-16 CVE-2016-4258 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Digital Editions

Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262.

10.0
2016-09-16 CVE-2016-4257 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Digital Editions

Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262.

10.0
2016-09-16 CVE-2016-4256 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Digital Editions

Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262.

10.0
2016-09-16 CVE-2016-6303 Nodejs
Openssl
Out-of-bounds Write vulnerability in multiple products

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

9.8
2016-09-16 CVE-2016-2182 HP
Openssl
Oracle
Out-of-bounds Write vulnerability in multiple products

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

9.8
2016-09-17 CVE-2016-1482 Cisco OS Command Injection vulnerability in Cisco Webex Meetings Server 2.6.0

Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130.

9.3
2016-09-14 CVE-2016-3381 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3363.

9.3
2016-09-14 CVE-2016-3367 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Silverlight 5.0

StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not properly allocate memory for string-insert and string-append operations, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."

9.3
2016-09-14 CVE-2016-3365 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3362.

9.3
2016-09-14 CVE-2016-3364 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Visio 2016

Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-09-14 CVE-2016-3362 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3365.

9.3
2016-09-14 CVE-2016-3361 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel 2010

Microsoft Excel 2010 SP2 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-09-14 CVE-2016-3360 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-09-14 CVE-2016-3359 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack

Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-09-14 CVE-2016-3358 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-09-14 CVE-2016-3357 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-09-14 CVE-2016-3356 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 10 1607

The Graphics Device Interface (GDI) in Microsoft Windows 10 1607 allows remote attackers to execute arbitrary code via a crafted document, aka "GDI Remote Code Execution Vulnerability."

9.3
2016-09-14 CVE-2016-3348 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

9.3
2016-09-17 CVE-2016-5843 Otrs SQL Injection vulnerability in Otrs FAQ

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.

9.0
2016-09-14 CVE-2016-3368 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote authenticated users to execute arbitrary code by leveraging a domain account to make a crafted request, aka "Windows Remote Code Execution Vulnerability."

9.0
2016-09-14 CVE-2016-3345 Microsoft Improper Access Control vulnerability in Microsoft products

The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Authenticated Remote Code Execution Vulnerability."

9.0

53 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-09-14 CVE-2016-6932 Adobe Use After Free vulnerability in Adobe Flash Player

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6931.

8.8
2016-09-14 CVE-2016-6931 Adobe Use After Free vulnerability in Adobe Flash Player

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6932.

8.8
2016-09-14 CVE-2016-6930 Adobe Use After Free vulnerability in Adobe Flash Player

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6931, and CVE-2016-6932.

8.8
2016-09-14 CVE-2016-6929 Adobe Use After Free vulnerability in Adobe Flash Player

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.

8.8
2016-09-14 CVE-2016-6927 Adobe Use After Free vulnerability in Adobe Flash Player

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.

8.8
2016-09-14 CVE-2016-6926 Adobe Use After Free vulnerability in Adobe Flash Player

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.

8.8
2016-09-14 CVE-2016-6925 Adobe Use After Free vulnerability in Adobe Flash Player

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.

8.8
2016-09-14 CVE-2016-6924 Adobe Out-of-bounds Write vulnerability in Adobe Flash Player

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, and CVE-2016-6922.

8.8
2016-09-14 CVE-2016-6923 Adobe Use After Free vulnerability in Adobe Flash Player

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.

8.8
2016-09-14 CVE-2016-6922 Adobe Out-of-bounds Write vulnerability in Adobe Flash Player

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, and CVE-2016-6924.

8.8
2016-09-14 CVE-2016-6921 Adobe Use After Free vulnerability in Adobe Flash Player

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.

8.8
2016-09-14 CVE-2016-4287 Adobe Integer Overflow or Wraparound vulnerability in Adobe Flash Player

Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors.

8.8
2016-09-14 CVE-2016-4285 Adobe Out-of-bounds Write vulnerability in Adobe Flash Player

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-6922, and CVE-2016-6924.

8.8
2016-09-14 CVE-2016-4284 Adobe Out-of-bounds Write vulnerability in Adobe Flash Player

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.

8.8
2016-09-14 CVE-2016-4283 Adobe Out-of-bounds Write vulnerability in Adobe Flash Player

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.

8.8
2016-09-14 CVE-2016-4282 Adobe Out-of-bounds Write vulnerability in Adobe Flash Player

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.

8.8
2016-09-14 CVE-2016-4281 Adobe Out-of-bounds Write vulnerability in Adobe Flash Player

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.

8.8
2016-09-14 CVE-2016-4280 Adobe Out-of-bounds Write vulnerability in Adobe Flash Player

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.

8.8
2016-09-14 CVE-2016-4279 Adobe Use After Free vulnerability in Adobe Flash Player

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.

8.8
2016-09-14 CVE-2016-4276 Adobe Out-of-bounds Write vulnerability in Adobe Flash Player

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.

8.8
2016-09-14 CVE-2016-4275 Adobe Out-of-bounds Write vulnerability in Adobe Flash Player

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.

8.8
2016-09-14 CVE-2016-4274 Adobe Out-of-bounds Write vulnerability in Adobe Flash Player

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.

8.8
2016-09-14 CVE-2016-4272 Adobe Use After Free vulnerability in Adobe Flash Player

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.

8.8
2016-09-14 CVE-2016-3369 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 10 1511

Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vectors, aka "Windows Denial of Service Vulnerability."

7.8
2016-09-14 CVE-2016-3363 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3381.

7.8
2016-09-12 CVE-2016-6399 Cisco Improper Input Validation vulnerability in Cisco products

Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317.

7.8
2016-09-14 CVE-2016-3377 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3350.

7.6
2016-09-14 CVE-2016-3375 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

7.6
2016-09-14 CVE-2016-3350 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3377.

7.6
2016-09-14 CVE-2016-3330 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3294.

7.6
2016-09-14 CVE-2016-3294 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3330.

7.6
2016-09-18 CVE-2016-0897 Pivotal Software Cryptographic Issues vulnerability in Pivotal Software Operations Manager

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors.

7.5
2016-09-18 CVE-2016-0896 Pivotal Software 7PK - Security Features vulnerability in Pivotal Software Cloud Foundry Elastic Runtime

Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.

7.5
2016-09-17 CVE-2016-7417 PHP Improper Input Validation vulnerability in PHP

ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.

7.5
2016-09-17 CVE-2016-7415 ICU Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Icu-Project International Components FOR Unicode

Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.

7.5
2016-09-17 CVE-2016-7414 PHP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP

The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.

7.5
2016-09-17 CVE-2016-7413 PHP Use After Free vulnerability in PHP

Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.

7.5
2016-09-17 CVE-2016-7411 PHP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP

ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.

7.5
2016-09-16 CVE-2016-6302 Openssl
Oracle
Improper Input Validation vulnerability in multiple products

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

7.5
2016-09-16 CVE-2016-2181 Openssl
Oracle
Numeric Errors vulnerability in multiple products

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

7.5
2016-09-16 CVE-2016-2179 Openssl
Oracle
Resource Management Errors vulnerability in multiple products

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

7.5
2016-09-12 CVE-2016-7134 PHP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP

ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call.

7.5
2016-09-12 CVE-2016-7129 PHP Improper Input Validation vulnerability in PHP

The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.

7.5
2016-09-12 CVE-2016-7127 PHP Out-of-bounds Write vulnerability in PHP

The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.

7.5
2016-09-12 CVE-2016-7126 PHP Out-of-bounds Write vulnerability in PHP

The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.

7.5
2016-09-12 CVE-2016-7124 PHP Deserialization of Untrusted Data vulnerability in PHP

ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.

7.5
2016-09-12 CVE-2016-1469 Cisco Resource Management Errors vulnerability in Cisco Spa300 Firmware and Spa500 Firmware

The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385.

7.5
2016-09-18 CVE-2016-6402 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System

UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263.

7.2
2016-09-18 CVE-2016-4705 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Xcode

otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4704.

7.2
2016-09-18 CVE-2016-4704 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Xcode

otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4705.

7.2
2016-09-14 CVE-2016-3355 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "GDI Elevation of Privilege Vulnerability."

7.2
2016-09-14 CVE-2016-3349 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

7.2
2016-09-14 CVE-2016-3346 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 10 1511/1607

Microsoft Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain Administrator access via a crafted DLL, aka "Windows Permissions Enforcement Elevation of Privilege Vulnerability."

7.2

67 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-09-18 CVE-2016-6405 Cisco Improper Input Validation vulnerability in Cisco FOG Director 1.0(0)

Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368.

6.8
2016-09-17 CVE-2016-7412 PHP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP

ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.

6.8
2016-09-14 CVE-2016-3324 Microsoft Remote Memory Corruption vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

6.8
2016-09-14 CVE-2016-3297 Microsoft Remote Memory Corruption vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

6.8
2016-09-12 CVE-2016-7133 PHP Integer Overflow or Wraparound vulnerability in PHP

Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.

6.8
2016-09-14 CVE-2016-4278 Adobe Unspecified vulnerability in Adobe Flash Player

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4271 and CVE-2016-4277.

6.5
2016-09-14 CVE-2016-4277 Adobe Unspecified vulnerability in Adobe Flash Player

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4271 and CVE-2016-4278.

6.5
2016-09-14 CVE-2016-4271 Adobe Unspecified vulnerability in Adobe Flash Player

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278, aka a "local-with-filesystem Flash sandbox bypass" issue.

6.5
2016-09-14 CVE-2016-3351 Microsoft Unspecified vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

6.5
2016-09-14 CVE-2016-3302 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607, when the lock screen is enabled, do not properly restrict the loading of web content, which allows physically proximate attackers to execute arbitrary code via a (1) crafted Wi-Fi access point or (2) crafted mobile-broadband device, aka "Windows Lock Screen Elevation of Privilege Vulnerability."

6.2
2016-09-16 CVE-2016-7420 Cryptopp Information Exposure vulnerability in Cryptopp Crypto++

Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump.

5.9
2016-09-18 CVE-2016-6642 EMC Cross-Site Request Forgery (CSRF) vulnerability in EMC Vipr SRM 3.6.0/3.6.4

Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files.

5.8
2016-09-18 CVE-2016-0928 Pivotal Open Redirect vulnerability in Pivotal Cloud Foundry Elastic Runtime

Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8
2016-09-14 CVE-2016-3378 Microsoft Improper Input Validation vulnerability in Microsoft Exchange Server 2013/2016

Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "Microsoft Exchange Open Redirect Vulnerability."

5.8
2016-09-12 CVE-2016-6394 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Firesight System Software

Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503.

5.8
2016-09-17 CVE-2016-6401 Cisco Resource Management Errors vulnerability in Cisco Carrier Routing System 5.1.4/5.1Base

Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafted IPv6-over-MPLS packets, aka Bug ID CSCva32494.

5.7
2016-09-12 CVE-2016-6375 Cisco Resource Management Errors vulnerability in Cisco products

Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221.

5.7
2016-09-14 CVE-2016-3353 Microsoft 7PK - Security Features vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone, which allows remote attackers to bypass intended access restrictions via a crafted file, aka "Internet Explorer Security Feature Bypass."

5.1
2016-09-14 CVE-2016-3295 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

5.1
2016-09-14 CVE-2016-3292 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."

5.1
2016-09-14 CVE-2016-3247 Microsoft Remote Memory Corruption vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

5.1
2016-09-18 CVE-2016-4746 Apple Information Exposure vulnerability in Apple Iphone OS

The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.

5.0
2016-09-18 CVE-2016-1433 Cisco Resource Management Errors vulnerability in Cisco IOS XR 6.0.0/6.0.1/6.0Base

Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289.

5.0
2016-09-18 CVE-2016-6639 Cloudfoundry
Pivotal
7PK - Security Features vulnerability in multiple products

Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file.

5.0
2016-09-18 CVE-2016-0930 Pivotal Race Condition vulnerability in Pivotal Operations Manager

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist.

5.0
2016-09-18 CVE-2016-0929 Pivotal Software Information Exposure vulnerability in Pivotal Software Rabbitmq

The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that contains credentials from a command line.

5.0
2016-09-18 CVE-2016-0923 Dell Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Bsafe

The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used.

5.0
2016-09-18 CVE-2016-0922 EMC Improper Authorization vulnerability in EMC Vipr SRM 3.6.0/3.6.4

EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.

5.0
2016-09-18 CVE-2016-0883 Pivotal Software Improper Authentication vulnerability in Pivotal Software Operations Manager

Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.

5.0
2016-09-17 CVE-2016-7418 PHP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.

5.0
2016-09-17 CVE-2016-7416 PHP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP

ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.

5.0
2016-09-17 CVE-2016-6644 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Documentum D2 4.5/4.6

EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.

5.0
2016-09-17 CVE-2016-6407 Cisco Resource Management Errors vulnerability in Cisco web Security Appliance

Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.

5.0
2016-09-16 CVE-2016-6936 Adobe
Apple
Microsoft
Information Exposure vulnerability in Adobe AIR SDK & Compiler 22.0.0.153

Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent.

5.0
2016-09-12 CVE-2016-6398 Cisco Information Exposure vulnerability in Cisco IOS 15.5(3)M

The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274.

5.0
2016-09-12 CVE-2016-6396 Cisco Improper Input Validation vulnerability in Cisco Firesight System Software

Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482.

5.0
2016-09-12 CVE-2016-6371 Cisco Path Traversal vulnerability in Cisco Hosted Collaboration Mediation Fulfillment 10.6(1)Base/10.6(2)Base/10.6(3)Base

Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717.

5.0
2016-09-12 CVE-2016-7132 PHP NULL Pointer Dereference vulnerability in PHP

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.

5.0
2016-09-12 CVE-2016-7131 PHP NULL Pointer Dereference vulnerability in PHP

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.

5.0
2016-09-12 CVE-2016-7130 PHP NULL Pointer Dereference vulnerability in PHP

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.

5.0
2016-09-12 CVE-2016-7128 PHP Information Exposure vulnerability in PHP

The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.

5.0
2016-09-12 CVE-2016-7125 PHP Injection vulnerability in PHP

ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.

5.0
2016-09-14 CVE-2016-3306 Microsoft Data Processing Errors vulnerability in Microsoft products

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3305.

4.6
2016-09-14 CVE-2016-3305 Microsoft Data Processing Errors vulnerability in Microsoft products

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3306.

4.6
2016-09-18 CVE-2016-6404 Cisco Cross-site Scripting vulnerability in Cisco IOS 15.5(2)T

Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854.

4.3
2016-09-18 CVE-2016-6403 Cisco Resource Management Errors vulnerability in Cisco IOS

The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912.

4.3
2016-09-18 CVE-2016-4747 Apple Information Exposure vulnerability in Apple Iphone OS

Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.

4.3
2016-09-18 CVE-2016-4741 Apple 7PK - Security Features vulnerability in Apple Iphone OS

The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.

4.3
2016-09-18 CVE-2016-4719 Apple Information Exposure vulnerability in Apple Iphone OS and Watchos

The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.

4.3
2016-09-18 CVE-2016-4620 Apple Information Exposure vulnerability in Apple Iphone OS

The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.

4.3
2016-09-18 CVE-2016-6643 EMC Cross-site Scripting vulnerability in EMC Vipr SRM 3.6.0/3.6.4

Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2016-09-18 CVE-2016-0927 Pivotal Software Cross-site Scripting vulnerability in Pivotal Software Cloud Foundry Elastic Runtime

Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2016-09-18 CVE-2016-0926 Pivotal Software Cross-site Scripting vulnerability in Pivotal Software Cloud Foundry Elastic Runtime

Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.

4.3
2016-09-14 CVE-2016-3379 Microsoft Cross-site Scripting vulnerability in Microsoft Exchange Server 2016

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability."

4.3
2016-09-14 CVE-2016-3374 Microsoft Information Exposure vulnerability in Microsoft products

The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3370.

4.3
2016-09-14 CVE-2016-3373 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly implement registry access control, which allows local users to obtain sensitive account information via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."

4.3
2016-09-14 CVE-2016-3371 Microsoft Information Exposure vulnerability in Microsoft products

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain sensitive information via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."

4.3
2016-09-14 CVE-2016-3370 Microsoft Information Exposure vulnerability in Microsoft products

The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3374.

4.3
2016-09-14 CVE-2016-3366 Microsoft Improper Access Control vulnerability in Microsoft Outlook

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046, which allows remote attackers to bypass virus or spam detection via crafted MIME data in an e-mail attachment, aka "Microsoft Office Spoofing Vulnerability."

4.3
2016-09-14 CVE-2016-3354 Microsoft 7PK - Security Features vulnerability in Microsoft products

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "GDI Information Disclosure Vulnerability."

4.3
2016-09-14 CVE-2016-3352 Microsoft Improper Authorization vulnerability in Microsoft Windows 10, Windows 8.1 and Windows RT 8.1

Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via a brute-force attack on NTLM password hashes, aka "Microsoft Information Disclosure Vulnerability."

4.3
2016-09-14 CVE-2016-0141 Microsoft Information Exposure vulnerability in Microsoft Office

The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka "Microsoft Information Disclosure Vulnerability."

4.3
2016-09-14 CVE-2016-0137 Microsoft 7PK - Security Features vulnerability in Microsoft Office 2013/2016

The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."

4.3
2016-09-12 CVE-2016-4852 AKI Null
Apple
Improper Input Validation vulnerability in Aki-Null Yorufukurou

YoruFukurou (NightOwl) before 2.85 relies on support for emoji skin-tone modifiers even though this support is missing from the CoreText CTFramesetter API on OS X 10.9, which allows remote attackers to cause a denial of service (application crash) via a crafted emoji character sequence.

4.3
2016-09-14 CVE-2016-0138 Microsoft Information Exposure vulnerability in Microsoft Exchange Server

Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."

4.0
2016-09-12 CVE-2016-6370 Cisco Path Traversal vulnerability in Cisco Hosted Collaboration Mediation Fulfillment 10.6(1)Base/10.6(2)Base/10.6(3)Base

Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.

4.0
2016-09-12 CVE-2016-5954 IBM Improper Access Control vulnerability in IBM Websphere Portal

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files.

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-09-14 CVE-2016-3372 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows Server 2008 and Windows Vista

The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."

3.6
2016-09-18 CVE-2016-6641 EMC Cross-site Scripting vulnerability in EMC Vipr SRM 3.6.0/3.6.4

Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2016-09-17 CVE-2016-7419 Nextcloud
Owncloud
Cross-site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.

3.5
2016-09-12 CVE-2016-6395 Cisco Cross-site Scripting vulnerability in Cisco Firesight System Software

Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658.

3.5
2016-09-12 CVE-2016-0331 IBM Cross-site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2016-09-14 CVE-2016-3325 Microsoft Information Exposure vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

2.6
2016-09-14 CVE-2016-3291 Microsoft Information Exposure vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

2.6
2016-09-18 CVE-2016-4749 Apple Information Exposure vulnerability in Apple Iphone OS

Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.

2.1
2016-09-14 CVE-2016-3344 Microsoft Information Exposure vulnerability in Microsoft Windows 10 1511

The Secure Kernel Mode feature in Microsoft Windows 10 Gold and 1511 allows local users to obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode Information Disclosure Vulnerability."

2.1
2016-09-12 CVE-2016-5927 IBM Information Exposure vulnerability in IBM Tivoli Storage Manager FOR Space Management

IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output.

2.1
2016-09-18 CVE-2016-4740 Apple Information Exposure vulnerability in Apple Iphone OS

Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.

1.9