MEMPHIS COMPUTER REPAIR . COM

Networking - WiFi, Data Recovery, Web Design, SEO, Computer Repair and Support



 

Memphis Computer Repair brings you top quality technicians at unbeatable rates 24 hours a day, 7 days a week. Our highly trained and experienced staff will assist you with all of your information technology needs. We service business computers, residential computers, servers, workstations, desktop PCs, and laptops.

Computer Related Services

Our skilled staff has more to offer than merely computer repair services. We specialize in building and implementing residential and business computer networks. Securing your network is only a click away! Guarauntee the safety of your data by only allowing access to who you choose! Are you sure you need a new printer? Don't buy a new printer for every computer you own. Save money by networking your computers and your printer! Any printer can be used on a network, be it a residential network or a business network.

Memphis Computer Repair is always open for business. We service and repair all bands and models of computers including: Dell, Gateway, Compaq, Hewlett-Packard HP, IBM, and all custom built computers.

Our discounted computer repair rates will fit your budget.

We stand behind our work with a 100% satisfaction guarauntee!

With every computer we service we include a comprehensive and easily read reapir ticket to keep you informed on what has been done. We replace difficult computer lingo with understandable terms that you will understand. We never perform unnecessary work and we will ALWAYS inform you of the cost before any work is done!

Have you been blindsided by a computer repair company that charged you an outrageous amount for repairs you think you might not have needed? You will know the complete cost of any computer work done before the service is performed. If computer repair cost is out of your budget, we will not charge you for the estimate.

Servicing The Following Locations

Memphis, TN, Olive Branch, Southaven, Horn Lake, Hernando, Byhalia, Barton, Collierville, Cordova, Germantown, West Memphis, AR, Oakland, TN, Bartlett, Raleigh, Millington, Tunica, MS, and all areas of Shelby County Tennessee, DeSoto County Mississippi, and Marshall County Mississippi.

Have questions? Need help?

We would be glad to help you; simply contact us via our contact page, Contact Us.

*based on 33.6 Kilobits per second Internet connection speed

Valid CSS!

Open a Service Request/Repair Ticket or Call us @
901-515-8433
Name:
Address:
City: State:
Zip:Phone Number:
Email Address:
Computer Brand:
Computer Model:
Problem or Service Requested



US-CERT: The United States Computer Emergency Readiness Team


05/04/2016 06:21 PM
ImageMagick Vulnerability
Original release date: May 04, 2016 | Last revised: May 05, 2016

ImageMagick, an open-source image processing software suite, has released versions 7.0.1-1 and 6.9.3-10 to address a vulnerability in previous software versions. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the article ImageMagick Security Issue, the Openwall Security Blog, and Vulnerability Note VU#250519 for more information and apply the ImageMagick updates.


This product is provided subject to this Notification and this Privacy & Use policy.



05/04/2016 01:21 PM
Cisco Releases Security Updates
Original release date: May 04, 2016

Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.



05/03/2016 05:24 PM
Apple Releases Security Update
Original release date: May 03, 2016

Apple has released a security update for Xcode to address two vulnerabilities. Exploitation of either of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Apple security update for Xcode and update to version 7.3.1 for OS X El Capitan v10.11 and later.


This product is provided subject to this Notification and this Privacy & Use policy.



05/03/2016 01:17 PM
OpenSSL Releases Security Updates
Original release date: May 03, 2016

OpenSSL has released security updates to address vulnerabilities in previous versions. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • OpenSSL 1.0.2h for 1.0.2 users
  • OpenSSL 1.0.1t for 1.0.1 users

US-CERT encourages users and administrators to review the OpenSSL Security Advisory page and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.



05/02/2016 08:01 AM
SB16-123: Vulnerability Summary for the Week of April 25, 2016
Original release date: May 02, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- airUse-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted text property, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, CVE-2015-8821, and CVE-2015-8822.2016-04-229.3CVE-2015-8823
CONFIRM
MISC
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- analytics_appmeasurement_for_flash_libraryCross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-04-224.3CVE-2016-1036
CONFIRM
allround_automations -- pl/sql_developerAllround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream.2016-04-256.8CVE-2016-2346
CERT-VN
MISC
blackberry -- enterprise_serverCross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918.2016-04-224.3CVE-2016-1917
CONFIRM
blackberry -- enterprise_serverCross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917.2016-04-224.3CVE-2016-1918
CONFIRM
blackberry -- enterprise_serverCross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2016-04-224.3CVE-2016-3126
CONFIRM
foxitsoftware -- phantompdfUse-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document.2016-04-226.8CVE-2016-4059
CONFIRM
MISC
foxitsoftware -- phantompdfUse-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors.2016-04-225.0CVE-2016-4060
CONFIRM
foxitsoftware -- phantompdfFoxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream.2016-04-225.0CVE-2016-4061
CONFIRM
foxitsoftware -- phantompdfFoxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF.2016-04-224.3CVE-2016-4062
CONFIRM
foxitsoftware -- phantompdfUse-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document.2016-04-226.8CVE-2016-4063
CONFIRM
MISC
MISC
foxitsoftware -- phantompdfUse-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call.2016-04-226.8CVE-2016-4064
CONFIRM
MISC
foxitsoftware -- phantompdfThe ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image.2016-04-226.8CVE-2016-4065
CONFIRM
MISC
MISC
MISC
linux -- linux_kernelMemory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.2016-04-274.9CVE-2015-1339
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelThe aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.2016-04-274.9CVE-2015-7515
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelDouble free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.2016-04-274.9CVE-2016-2384
CONFIRM
CONFIRM
CONFIRM
MLIST
linux -- linux_kernelRace condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.2016-04-274.7CVE-2016-2544
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- linux_kernelThe snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.2016-04-274.7CVE-2016-2545
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelsound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.2016-04-274.7CVE-2016-2546
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelsound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.2016-04-274.7CVE-2016-2547
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelfs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.2016-04-274.9CVE-2016-2847
MLIST
CONFIRM
CONFIRM
CONFIRM
novell -- service_deskDirectory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.2016-04-226.5CVE-2016-1593
CONFIRM
MISC
MISC
novell -- service_deskMicro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action.2016-04-224.0CVE-2016-1594
CONFIRM
MISC
MISC
novell -- service_deskLiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.2016-04-224.0CVE-2016-1595
CONFIRM
MISC
MISC
qemu -- qemuBuffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.2016-04-266.8CVE-2016-4002
MLIST
CONFIRM
MLIST
MLIST
samba -- sambaSamba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.2016-04-244.3CVE-2015-5370
CONFIRM
samba -- sambaThe NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.2016-04-244.3CVE-2016-2110
CONFIRM
samba -- sambaThe NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.2016-04-244.3CVE-2016-2111
CONFIRM
samba -- sambaThe bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.2016-04-244.3CVE-2016-2112
CONFIRM
samba -- sambaSamba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.2016-04-245.8CVE-2016-2113
CONFIRM
samba -- sambaThe SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.2016-04-244.3CVE-2016-2114
CONFIRM
samba -- sambaSamba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.2016-04-244.3CVE-2016-2115
CONFIRM
squid -- squid_cacheBuffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.2016-04-256.8CVE-2016-4051
CONFIRM
SECTRACK
MLIST
MLIST
squid -- squid_cacheMultiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.2016-04-256.8CVE-2016-4052
CONFIRM
SECTRACK
MLIST
MLIST
squid -- squid_cacheSquid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.2016-04-254.3CVE-2016-4053
CONFIRM
SECTRACK
MLIST
MLIST
squid -- squid_cacheBuffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.2016-04-256.8CVE-2016-4054
CONFIRM
SECTRACK
MLIST
MLIST
symantec -- messaging_gatewayThe management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input.2016-04-226.5CVE-2016-2204
CONFIRM
BID
wireshark -- wiresharkepan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.2016-04-254.3CVE-2016-4006
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkepan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-04-254.3CVE-2016-4076
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkepan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.2016-04-254.3CVE-2016-4077
CONFIRM
MISC
CONFIRM
CONFIRM
wireshark -- wiresharkThe IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.2016-04-254.3CVE-2016-4078
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkepan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.2016-04-254.3CVE-2016-4079
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkepan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.2016-04-254.3CVE-2016-4080
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkepan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.2016-04-254.3CVE-2016-4081
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkepan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.2016-04-254.3CVE-2016-4082
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkepan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-04-254.3CVE-2016-4083
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkInteger signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size.2016-04-254.3CVE-2016-4084
CONFIRM
CONFIRM
CONFIRM
wireshark -- wiresharkStack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.2016-04-254.3CVE-2016-4085
CONFIRM
CONFIRM
CONFIRM
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
blackberry -- enterprise_serverCross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen.2016-04-223.5CVE-2016-1916
CONFIRM
novell -- service_deskMultiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter.2016-04-223.5CVE-2016-1596
CONFIRM
MISC
MISC
symantec -- messaging_gatewayThe management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.2016-04-222.1CVE-2016-2203
CONFIRM
BID
Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- readerDouble free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary.2016-04-30not yet calculatedCVE-2016-1111
CONFIRM
MISC
apache_struts -- dynamic_method_invocationApache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.2016-04-26not yet calculatedCVE-2016-3081
CONFIRM
SECTRACK
apache_struts -- xsltresultXSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.2016-04-26not yet calculatedCVE-2016-3082
SECTRACK
CONFIRM
atom -- electronUntrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line.2016-04-25not yet calculatedCVE-2016-1202
CONFIRM
CONFIRM
JVNDB
JVN
cisco -- apiThe API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521.2016-04-28not yet calculatedCVE-2016-1386
CISCO
cisco -- webex_meetings_server_(cwms)Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695.2016-04-28not yet calculatedCVE-2016-1389
CISCO
cisco -- webex_productivityUntrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file in the current working directory, aka Bug ID CSCuy56140.2016-04-28not yet calculatedCVE-2016-4349
MISC
cisco -- xml_parserThe XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059.2016-04-30not yet calculatedCVE-2016-1343
CISCO
cybozu -- kintone_mobileThe Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.2016-04-25not yet calculatedCVE-2016-1185
CONFIRM
JVNDB
JVN
ec_cube -- cross_site scripting_(xss)Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_ addition_plugin plugin 1.0 and (2) itemdetail_freearea_ addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-04-27not yet calculatedCVE-2016-1205
CONFIRM
JVNDB
JVN
gd_graphics_library -- integer_signedness_errorInteger signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.2016-04-26not yet calculatedCVE-2016-3074
CONFIRM
SECTRACK
BUGTRAQ
DEBIAN
FULLDISC
MISC
ibm -- db2IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message.2016-04-27not yet calculatedCVE-2016-0211
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
linux -- arch/powerpc/kernel/process.cThe tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.2016-04-27not yet calculatedCVE-2015-8845
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- arch/x86/mm/mmap.cThe arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.2016-04-27not yet calculatedCVE-2016-3672
CONFIRM
CONFIRM
CONFIRM
linux -- arch/x86/mm/tlb.cRace condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.2016-04-27not yet calculatedCVE-2016-2069
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- drivers/infiniband/hw/cxgb3/iwch_cm.cdrivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.2016-04-27not yet calculatedCVE-2015-8812
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- drivers/input/tablet/wacom_sys.cThe wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.2016-04-27not yet calculatedCVE-2016-3139
CONFIRM
MISC
CONFIRM
CONFIRM
CONFIRM
MISC
linux -- drivers/usb/core/hub.cThe hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.2016-04-27not yet calculatedCVE-2015-8816
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- drivers/usb/serial/visor.cThe treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.2016-04-27not yet calculatedCVE-2016-2782
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- fork_implementationThe fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.2016-04-27not yet calculatedCVE-2016-2143
CONFIRM
CONFIRM
CONFIRM
linux -- fs/pipe.cThe (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.2016-04-27not yet calculatedCVE-2016-0774
CONFIRM
CONFIRM
linux -- integer_xt_alloc_table_infoInteger overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.2016-04-27not yet calculatedCVE-2016-3135
CONFIRM
MISC
CONFIRM
CONFIRM
linux -- ipv4_implementationThe IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.2016-04-27not yet calculatedCVE-2016-3156
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- kernel/bpf/verifier.cThe adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.2016-04-27not yet calculatedCVE-2016-2383
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- linux_kernelThe Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312.2016-04-27not yet calculatednot yet calculatedCVE-2016-2550
CONFIRM
CONFIRM
MLIST
CONFIRM
linux -- netfilter_subsystemThe netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.2016-04-27not yet calculatedCVE-2016-3134
CONFIRM
MISC
CONFIRM
CONFIRM
linux -- powerpc_platformsThe signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.2016-04-27not yet calculatedCVE-2015-8844
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- security/integrity/evm/evm_main.cThe evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack.2016-04-27not yet calculatedCVE-2016-2085
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- sound/core/seq/seq_clientmgr.cThe snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call.2016-04-27not yet calculatedCVE-2016-2543
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- sound/core/timer.csound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.2016-04-27

not yet calculated

CVE-2016-2549
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- sound/core/timer.csound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.2016-04-27not yet calculatedCVE-2016-2548
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- sound/usb/quirks.cThe create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.2016-04-27not yet calculatedCVE-2016-2184
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
BUGTRAQ
BUGTRAQ
CONFIRM
linux -- suse_linux_enterprise_12_sp1yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors.2016-04-26not yet calculatedCVE-2016-1601
CONFIRM
CONFIRM
SUSE
lockon -- ec_cubeCross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators.2016-04-30not yet calculatedCVE-2016-1201
CONFIRM
CONFIRM
JVNDB
JVN
lockon -- ec_cubeThe login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200.2016-04-30not yet calculatedCVE-2016-1199
CONFIRM
CONFIRM
JVNDB
JVN
lockon -- ec_cubeThe management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199.2016-04-30not yet calculatedCVE-2016-1200
CONFIRM
CONFIRM
JVNDB
JVN
mozilla -- androidMozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password.2016-04-30not yet calculatednot yet calculatedCVE-2016-2810
CONFIRM
CONFIRM
mozilla -- androidMozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780.2016-04-30not yet calculatedCVE-2016-2813
CONFIRM
CONFIRM
MISC
mozilla -- browser/components/extensions/ext_tabs.jsThe WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL.2016-04-30not yet calculatedCVE-2016-2817
CONFIRM
CONFIRM
mozilla -- browser_engineMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2016-04-30not yet calculatedCVE-2016-2804
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- browser_engineMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2016-04-30not yet calculatedCVE-2016-2806
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- browser_engineMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2016-04-30not yet calculatedCVE-2016-2807
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- browser_engineUnspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2016-04-30not yet calculatedCVE-2016-2805
CONFIRM
CONFIRM
mozilla -- content_security_policy_(csp)Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.2016-04-30not yet calculatedCVE-2016-2816
CONFIRM
CONFIRM
mozilla -- firefox_healthreportsThe Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.2016-04-30not yet calculatedCVE-2016-2820
CONFIRM
CONFIRM
mozilla -- heap_based_buffer_overflowHeap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.2016-04-30not yet calculatedCVE-2016-2814
CONFIRM
CONFIRM
mozilla -- maintenance_service_updaterThe Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.2016-04-30CVE-2016-2809
CONFIRM
CONFIRM
mozilla -- serviceworker_infoUse-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.2016-04-30not yet calculatedCVE-2016-2811
CONFIRM
CONFIRM
mozilla -- serviceworker_managerRace condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.2016-04-30not yet calculatedCVE-2016-2812
CONFIRM
CONFIRM
mozilla -- watch_implementationThe watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.2016-04-30not yet calculatedCVE-2016-2808
CONFIRM
CONFIRM
openssh -- session.c_sshdThe do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.2016-04-30not yet calculatedCVE-2015-8325
CONFIRM
CONFIRM
CONFIRM
CONFIRM
syslink -- sl_1000_(m2m)_modular_gatewayflu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter.2016-04-25not yet calculatedCVE-2016-2332
CERT-VN
syslink -- sl_1000_(m2m)_modular_gatewaySysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.2016-04-25not yet calculatedCVE-2016-2333
CERT-VN
syslink -- sl_1000_(m2m)_modular_gatewayThe web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors.2016-04-25not yet calculatedCVE-2016-2331
CERT-VN
varnish -- stacked_installationsVarnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.2016-04-25not yet calculatedCVE-2015-8852
MLIST
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
wireshark -- asn.1_berepan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set.2016-04-30not yet calculatedCVE-2016-4418
CONFIRM
CONFIRM
wireshark -- asn.1_berepan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data.2016-04-30not yet calculatedCVE-2016-4421
CONFIRM
CONFIRM
wireshark -- epan/dissectors/packet-gsm_abis_oml.cOff-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value.2016-04-30not yet calculatedCVE-2016-4417
CONFIRM
CONFIRM
wireshark -- ieee_802.11_dissectorepan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.2016-04-30not yet calculatedCVE-2016-4416
CONFIRM
CONFIRM
wireshark -- ixia_ixveriwavewiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.2016-04-30not yet calculatedCVE-2016-4415
CONFIRM
MISC
CONFIRM
wireshark -- nfs_dissectorThe NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-04-30not yet calculatedCVE-2016-4420
CONFIRM
wireshark -- spiceepan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.2016-04-30not yet calculatedCVE-2016-4419
CONFIRM
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.



04/29/2016 08:45 PM
FBI Releases Article on Ransomware
Original release date: April 29, 2016

The Federal Bureau of Investigation (FBI) has released an article addressing the proliferation of ransomware campaigns. Ransomware is a type of malicious software that infects a computer and restricts users' access to it until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored.

Users and administrators are encouraged to review the FBI article Ransomware on the Rise for details and refer to US-CERT Alert TA16-091A for more information on ransomware.


This product is provided subject to this Notification and this Privacy & Use policy.



04/28/2016 07:31 PM
Google Releases Security Update for Chrome
Original release date: April 28, 2016

Google has released Chrome version 50.0.2661.94 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.



04/26/2016 01:53 PM
Mozilla Releases Security Updates
Original release date: April 26, 2016

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 46
  • FireFox ESR 38.8
  • FireFox ESR 45.1

Users and administrators are encouraged to review the Mozilla Security Advisories for Firefox and Firefox ESR and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.



04/25/2016 06:31 AM
SB16-116: Vulnerability Summary for the Week of April 18, 2016
Original release date: April 25, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
cisco -- adaptive_security_appliance_softwareThe encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.2016-04-217.8CVE-2015-6360
CISCO
cisco -- unified_computing_system_platform_emulatorCisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832.2016-04-157.2CVE-2016-1339
CISCO
cisco -- unified_computing_system_platform_emulatorHeap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename arguments, aka Bug ID CSCux68837.2016-04-157.2CVE-2016-1340
CISCO
dhcpcd_project -- dhcpcddhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.2016-04-1710.0CVE-2016-1503
CONFIRM
CONFIRM
CONFIRM
emc -- unisphereAn HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname.2016-04-1510.0CVE-2016-0889
BUGTRAQ
gnu -- glibcMultiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.2016-04-197.5CVE-2014-9761
MLIST
CONFIRM
MLIST
MLIST
SUSE
SUSE
SUSE
SUSE
SUSE
gnu -- glibcInteger overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.2016-04-197.5CVE-2015-8778
MLIST
CONFIRM
MLIST
MLIST
DEBIAN
SUSE
SUSE
SUSE
SUSE
SUSE
gnu -- glibcStack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.2016-04-197.5CVE-2015-8779
MLIST
CONFIRM
MLIST
MLIST
DEBIAN
SUSE
SUSE
SUSE
SUSE
SUSE
google -- androidAn unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548.2016-04-1710.0CVE-2016-0834
CONFIRM
google -- androiddecoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014.2016-04-1710.0CVE-2016-0835
CONFIRM
CONFIRM
CONFIRM
google -- androidStack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590.2016-04-1710.0CVE-2016-0836
CONFIRM
CONFIRM
google -- androidMPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted media file, aka internal bug 27208621.2016-04-1710.0CVE-2016-0837
CONFIRM
CONFIRM
google -- androidSonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to arm-wt-22k/lib_src/eas_wtengine.c and arm-wt-22k/lib_src/eas_wtsynth.c, aka internal bug 26366256.2016-04-1710.0CVE-2016-0838
CONFIRM
CONFIRM
CONFIRM
google -- androidpost_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25753245.2016-04-1710.0CVE-2016-0839
CONFIRM
CONFIRM
google -- androidMultiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350.2016-04-1710.0CVE-2016-0840
CONFIRM
CONFIRM
google -- androidmedia/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840.2016-04-1710.0CVE-2016-0841
CONFIRM
CONFIRM
google -- androidThe H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142.2016-04-1710.0CVE-2016-0842
CONFIRM
CONFIRM
google -- androidThe Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197.2016-04-177.2CVE-2016-0843
CONFIRM
google -- androidThe Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307.2016-04-177.2CVE-2016-0844
CONFIRM
CONFIRM
google -- androidlibs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992.2016-04-177.2CVE-2016-0846
CONFIRM
CONFIRM
google -- androidThe Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502.2016-04-177.2CVE-2016-0847
CONFIRM
CONFIRM
CONFIRM
google -- androidRace condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054.2016-04-177.2CVE-2016-0848
CONFIRM
CONFIRM
google -- androidMultiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26960931.2016-04-177.2CVE-2016-0849
CONFIRM
CONFIRM
google -- chromeThe LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc.2016-04-189.3CVE-2016-1653
CONFIRM
CONFIRM
CONFIRM
google -- chromeGoogle Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.2016-04-187.5CVE-2016-1655
CONFIRM
CONFIRM
CONFIRM
google -- chromeMultiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2016-04-1810.0CVE-2016-1659
CONFIRM
CONFIRM
google -- androidA Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545.2016-04-179.3CVE-2016-2409
CONFIRM
google -- androidA Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053.2016-04-179.3CVE-2016-2411
CONFIRM
google -- androidinclude/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930.2016-04-179.3CVE-2016-2412
CONFIRM
CONFIRM
google -- androidmedia/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627.2016-04-179.3CVE-2016-2413
CONFIRM
CONFIRM
google -- androidexchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a GET request, aka internal bug 26488455.2016-04-177.1CVE-2016-2415
CONFIRM
CONFIRM
google -- androidmedia/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358.2016-04-1710.0CVE-2016-2418
CONFIRM
CONFIRM
google -- androidrootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620.2016-04-179.3CVE-2016-2420
CONFIRM
CONFIRM
CONFIRM
juniper -- screenosThe administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet.2016-04-157.8CVE-2016-1268
CONFIRM
juniper -- junosJuniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R9, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R8, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4-S1, 15.1 before 15.1R2, 15.1X49 before 15.1X49-D30, and 16.1 before 16.1R1 allow remote attackers to cause a denial of service (socket consumption) via crafted TCP timestamps.2016-04-157.8CVE-2016-1269
CONFIRM
juniper -- junosJuniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D25, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.2 before 14.2R4, 15.1 before 15.1R1 or 15.1F2, and 15.1X49 before 15.1X49-D15 allow local users to gain privileges via crafted combinations of CLI commands and arguments, a different vulnerability than CVE-2015-3003, CVE-2014-3816, and CVE-2014-0615.2016-04-157.2CVE-2016-1271
CONFIRM
juniper -- junosJuniper Junos OS 14.1X53 before 14.1X53-D30 on QFX Series switches allows remote attackers to cause a denial of service (PFE panic) via a high rate of unspecified VXLAN packets.2016-04-157.8CVE-2016-1274
CONFIRM
Fedora -- latex2rtfFormat string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.2016-04-189.3CVE-2015-8106
CONFIRM
CONFIRM
MLIST
FEDORA
FEDORA
FEDORA
linuxfoundation -- foomatic-filtersHeap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.2016-04-157.5CVE-2010-5325
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
REDHAT
novell -- opensuseHeap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.2016-04-189.3CVE-2015-7552
CONFIRM
SUSE
optipng -- optipngUse-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.2016-04-209.3CVE-2015-7801
CONFIRM
UBUNTU
MLIST
oracle -- weblogic_serverUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Messaging Service.2016-04-217.5CVE-2016-0638
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication.2016-04-2110.0CVE-2016-0639
CONFIRM
panda -- panda_security_url_filteringPanda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.2016-04-187.2CVE-2015-7378
EXPLOIT-DB
FULLDISC
MISC
panda -- panda_endpoint_administration_agentPanda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.2016-04-187.2CVE-2016-3943
EXPLOIT-DB
FULLDISC
MISC
xen -- xenInteger overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.2016-04-197.2CVE-2016-3960
CONFIRM
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- camelApache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.2016-04-156.8CVE-2015-5348
CONFIRM
BUGTRAQ
MISC
CONFIRM
dotcms -- dotcmsDirectory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.2016-04-184.0CVE-2016-3972
FULLDISC
CONFIRM
dotcms -- dotcmsSQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.2016-04-196.5CVE-2016-4040
CONFIRM
CONFIRM
CONFIRM
gnu -- glibcThe strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.2016-04-196.4CVE-2015-8776
MLIST
CONFIRM
MLIST
MLIST
DEBIAN
SUSE
SUSE
SUSE
SUSE
SUSE
google -- androidThe PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to bypass intended pairing restrictions via a crafted device, aka internal bug 26551752.2016-04-175.8CVE-2016-0850
CONFIRM
CONFIRM
google -- chromefxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document.2016-04-185.8CVE-2016-1651
CONFIRM
CONFIRM
MISC
CONFIRM
google -- chromeCross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."2016-04-184.3CVE-2016-1652
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.2016-04-184.3CVE-2016-1654
CONFIRM
CONFIRM
google -- chromeThe download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.2016-04-185.0CVE-2016-1656
CONFIRM
CONFIRM
google -- chromeThe WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.2016-04-184.3CVE-2016-1657
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.2016-04-185.0CVE-2016-1658
CONFIRM
CONFIRM
CONFIRM
google -- androidA Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677.2016-04-176.9CVE-2016-2410
CONFIRM
google -- androidThe Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot loop) via a crafted font, aka internal bug 26413177.2016-04-174.9CVE-2016-2414
CONFIRM
CONFIRM
CONFIRM
huawei -- ar3200_firmwareHuawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets.2016-04-186.8CVE-2016-3950
CONFIRM
juniper -- junosRace condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 12.3X50 before 12.3X50-D50, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.2X52 before 13.2X52-D30, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4, 15.1 before 15.1F2 or 15.1R2, 15.1X49 before 15.1X49-D10 or 15.1X49-D20, and 16.1 before 16.1R1 allows remote authenticated users to gain privileges via the URL option.2016-04-156.5CVE-2016-1264
CONFIRM
juniper -- junosRace condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R3-S4, 15.1 before 15.1F2, or 15.1R2, 15.1X49 before 15.1X49-D20, and 16.1 before 16.1R1 allows local users to read, delete, or modify arbitrary files via unspecified vectors.2016-04-154.4CVE-2016-1267
CONFIRM
juniper -- junosThe rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R6, 14.1 before 14.1R4, and 14.2 before 14.2R2, when configured with BGP-based L2VPN or VPLS, allows remote attackers to cause a denial of service (daemon restart) via a crafted L2VPN family BGP update.2016-04-155.0CVE-2016-1270
CONFIRM
juniper -- junosJuniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x before 15.1X53-D20 on QFX5100 and QFX10002 switches do not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic encryption and authentication protection mechanisms via unspecified vectors.2016-04-154.3CVE-2016-1273
CONFIRM
libreswan -- libreswanLibreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.2016-04-185.0CVE-2016-3071
CONFIRM
FEDORA
FEDORA
CONFIRM
magento -- magentoThe getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status.2016-04-155.0CVE-2016-2212
CONFIRM
BUGTRAQ
FULLDISC
MISC
MISC
openstack -- tripleo_heat_templatesThe TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.2016-04-155.0CVE-2015-5271
CONFIRM
CONFIRM
CONFIRM
REDHAT
oracle -- peoplesoft_enterprise_human_capital_management_human_resourcesUnspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Fusion HR Talent Integration.2016-04-214.0CVE-2016-0407
CONFIRM
oracle -- peoplesoft_enterprise_peopletoolsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 through 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to the Activity Guide sub-component.2016-04-214.3CVE-2016-0408
CONFIRM
oracle -- micros_c2Unspecified vulnerability in the Oracle Retail MICROS C2 component in Oracle Retail Applications 9.89.0.0 allows local users to affect confidentiality via vectors related to POS.2016-04-214.6CVE-2016-0469
CONFIRM
oracle -- business_intelligenceUnspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality and integrity via vectors related to Analytics Scorecard.2016-04-215.8CVE-2016-0479
CONFIRM
oracle -- solarisUnspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automated Installer sub-component.2016-04-214.3CVE-2016-0623
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect integrity and availability via vectors related to DML.2016-04-214.9CVE-2016-0640
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect confidentiality and availability via vectors related to MyISAM.2016-04-214.9CVE-2016-0641
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.2016-04-214.3CVE-2016-0642
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect confidentiality via vectors related to DML.2016-04-214.0CVE-2016-0643
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to DDL.2016-04-214.0CVE-2016-0644
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to DML.2016-04-214.0CVE-2016-0646
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to FTS.2016-04-214.0CVE-2016-0647
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to PS.2016-04-214.0CVE-2016-0648
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to PS.2016-04-214.0CVE-2016-0649
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to Replication.2016-04-214.0CVE-2016-0650
CONFIRM
oracle -- flexcube_direct_bankingUnspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to Pre-Login.2016-04-215.0CVE-2016-0672
CONFIRM
oracle -- siebel_ui_frameworkUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to UIF Open UI.2016-04-214.9CVE-2016-0673
CONFIRM
sierra_wireless -- aleosACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors.2016-04-214.3CVE-2015-6479
MISC
squid -- squid_cacheThe FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.2016-04-194.3CVE-2016-2390
CONFIRM
SECTRACK
MLIST
MLIST
CONFIRM
tibco -- enterprise_message_serviceBuffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data.2016-04-206.5CVE-2016-3628
CONFIRM
CONFIRM
videolan -- vlc_media_playerBuffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."2016-04-184.3CVE-2016-3941
MLIST
CONFIRM
SECTRACK
xdelta -- xdelta3Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.2016-04-196.8CVE-2014-9765
CONFIRM
UBUNTU
MLIST
MLIST
DEBIAN
SUSE
SUSE
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- hadoopApache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file.2016-04-192.1CVE-2015-1776
MLIST
dotcms -- dotcmsCross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the query parameter to c/portal/layout.2016-04-183.5CVE-2016-3971
FULLDISC
CONFIRM
drupal -- block_classCross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name.2016-04-153.5CVE-2016-3144
MISC
CONFIRM
gnupg -- libgcryptLibgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.2016-04-191.9CVE-2015-7511
MLIST
UBUNTU
DEBIAN
DEBIAN
MISC
ipswitch -- moveit_dmzIpswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files.2016-04-153.5CVE-2015-7676
MISC
FULLDISC
MISC
novell -- leapopenSUSE and SUSE Linux Enterprise Server 11 SP 1 use weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.2016-04-182.1CVE-2016-4036
CONFIRM
SUSE
oracle -- business_intelligenceUnspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web General.2016-04-213.5CVE-2016-0468
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.2016-04-213.5CVE-2016-0651
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to FTS.2016-04-213.5CVE-2016-0653
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0656.2016-04-213.5CVE-2016-0654
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows local users to affect availability via vectors related to InnoDB.2016-04-213.5CVE-2016-0655
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0654.2016-04-213.5CVE-2016-0656
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect confidentiality via vectors related to JSON.2016-04-213.5CVE-2016-0657
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Optimizer.2016-04-213.5CVE-2016-0658
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Optimizer.2016-04-213.5CVE-2016-0659
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options.2016-04-213.5CVE-2016-0661
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Partition.2016-04-213.5CVE-2016-0662
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Performance Schema.2016-04-213.5CVE-2016-0663
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption.2016-04-213.5CVE-2016-0665
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to Security: Privileges.2016-04-213.5CVE-2016-0666
CONFIRM
xen -- xenXen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.2016-04-152.1CVE-2016-3961
CONFIRM
CONFIRM
SECTRACK
Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
389_directory_server -- slapd/ connection.cslapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.2016-04-19

Not yet calculated

CVE-2016-0741
CONFIRM
CONFIRM
BID
REDHAT
CONFIRM
accuenergy -- acuvim_ii_net_firmwareThe AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors.2016-04-21

Not yet calculated

CVE-2016-2294
MISC
accuenergy -- acuvim_ii_net_firmwareThe AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL.2016-04-21

Not yet calculated

CVE-2016-2293
MISC
adobe -- analytics_appmeasurementCross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-04-22

Not yet calculated

CVE-2016-1036
CONFIRM
adobe -- flash_playerUse-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted text property, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, CVE-2015-8821, and CVE-2015-8822.2016-04-22

Not yet calculated

CVE-2015-8823
CONFIRM
MISC
android -- aosp_mailmail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185.2016-04-17

Not yet calculated

CVE-2016-2425
CONFIRM
CONFIRM
CONFIRM
android -- framework_componentserver/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 26094635.2016-04-17

Not yet calculated

CVE-2016-2426
CONFIRM
CONFIRM
android -- mediaserverlibs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via a dump request, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27046057.2016-04-17

Not yet calculated

CVE-2016-2416
CONFIRM
CONFIRM
CONFIRM
android -- mediaservermedia/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455.2016-04-17

Not yet calculated

CVE-2016-2419
CONFIRM
CONFIRM
android -- mediaservermedia/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474.2016-04-17

Not yet calculated

CVE-2016-2417
CONFIRM
CONFIRM
android -- setup_wizardSetup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26154410.2016-04-17

Not yet calculated

CVE-2016-2421
CONFIRM
android -- syncstorageengineserver/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted application, aka internal bug 26513719.2016-04-17

Not yet calculated

CVE-2016-2424
CONFIRM
CONFIRM
android -- telephonyserver/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26303187.2016-04-17

Not yet calculated

CVE-2016-2423
CONFIRM
CONFIRM
android -- wi-fiWi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324357.2016-04-17

Not yet calculated

CVE-2016-2422
CONFIRM
CONFIRM
blackberry_enterprise_server_(bes) -- management_consoleCross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917.2016-04-22

Not yet calculated

CVE-2016-1918
CONFIRM
blackberry_enterprise_server_(bes) -- management_consoleCross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918.2016-04-22

Not yet calculated

CVE-2016-1917
CONFIRM
blackberry_enterprise_server_(bes) -- management_consoleCross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2016-04-22

Not yet calculated

CVE-2016-3126
CONFIRM
blackberry_enterprise_server_(bes) -- management_consoleCross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen.2016-04-22

Not yet calculated

CVE-2016-1916
CONFIRM
cairo -- cairo_image_compositor.cThe fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.2016-04-21

Not yet calculated

CVE-2016-3190
MLIST
CONFIRM
CONFIRM
SUSE
cisco -- adaptive_security_appliance_(asa)The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug ID CSCus23248.2016-04-21

Not yet calculated

CVE-2016-1367
CISCO
cisco -- aireosCisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCun86747.2016-04-21

Not yet calculated

CVE-2016-1362
CISCO
cisco -- iosThe NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898.2016-04-20

Not yet calculated

CVE-2016-1384
CISCO
cisco -- wireless_lan_controller_(wlc)Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0(MD) and 7.5 through 8.0 before 8.0.115.0(ED) allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCus25617.2016-04-21

Not yet calculated

CVE-2016-1363
CISCO
cisco -- wireless_lan_controller_(wlc)Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110.0(ED) allows remote attackers to cause a denial of service (device reload) via crafted Bonjour traffic, aka Bug ID CSCur66908.2016-04-21

Not yet calculated

CVE-2016-1364
CISCO
dotcms -- sql_injectionSQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr.2016-04-19

Not yet calculated

CVE-2016-3688
FULLDISC
FULLDISC
MISC
CONFIRM
ecava -- integraxorCRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.2016-04-21

Not yet calculated

CVE-2016-2303
MISC
ecava -- integraxorCross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2016-04-21CVE-2016-2305
MISC
ecava -- integraxorEcava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages.2016-04-21

Not yet calculated

CVE-2016-2302
MISC
ecava -- integraxorEcava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.2016-04-21

Not yet calculated

CVE-2016-2304
MISC
ecava -- integraxorecava_ integraxor2016-04-21

Not yet calculated

CVE-2016-2300
MISC
ecava -- integraxorSQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2016-04-21

Not yet calculated

CVE-2016-2299
MISC
ecava -- integraxorSQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.2016-04-21

Not yet calculated

CVE-2016-2301
MISC
ecava -- integraxorThe HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network.2016-04-21

Not yet calculatedNot yet calculated

CVE-2016-2306
MISC
emc -- vipr_srmMultiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.2016-04-20

Not yet calculated

CVE-2016-0891
BUGTRAQ
foxit -- reader_and_phantompdfFoxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream.2016-04-22

Not yet calculated

CVE-2016-4061
CONFIRM
foxit -- reader_and_phantompdfFoxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF.2016-04-22

Not yet calculated

CVE-2016-4062
CONFIRM
foxit -- reader_and_phantompdfThe ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image.2016-04-22

Not yet calculated

CVE-2016-4065
CONFIRM
MISC
MISC
MISC
foxit -- reader_and_phantompdfUse-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors.2016-04-22

Not yet calculated

CVE-2016-4060
CONFIRM
foxit -- reader_and_phantompdfUse-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document.2016-04-22

Not yet calculated

CVE-2016-4059
CONFIRM
MISC
foxit -- reader_and_phantompdfUse-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document.2016-04-22

Not yet calculated

CVE-2016-4063
CONFIRM
MISC
MISC
foxit -- reader_and_phantompdfUse-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call.2016-04-22

Not yet calculated

CVE-2016-4064
CONFIRM
MISC
gif2png_optipnggifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.2016-04-20

Not yet calculated

CVE-2015-7802
CONFIRM
UBUNTU
CONFIRM
giflib -- util/gif2rgb.c_in_gif2rgbHeap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.2016-04-21

Not yet calculated

CVE-2016-3977
CONFIRM
CONFIRM
CONFIRM
SUSE
MISC
hexchat -- common/server.cThe ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.2016-04-21Not yet calculatedCVE-2013-7449
CONFIRM
CONFIRM
CONFIRM
UBUNTU
CONFIRM
honeywell -- uniformance_process_history_database_(phd)Buffer overflow in RDISERVER in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 allows remote attackers to cause a denial of service (service outage) via unspecified vectors.2016-04-21

Not yet calculated

CVE-2016-2280
MISC
hpe -- data_protectorHPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.2016-04-21

Not yet calculated

CVE-2016-2005
HP
hpe -- data_protectorHPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.2016-04-21

Not yet calculated

CVE-2016-2006
HP
hpe -- data_protectorHPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.2016-04-21

Not yet calculated

CVE-2016-2007
HP
hpe -- data_protectorHPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.2016-04-21

Not yet calculated

CVE-2016-2004
CERT-VN
HP
hpe -- data_protectorHPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.2016-04-21

Not yet calculated

CVE-2016-2008
HP
hpe -- p9000HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.2016-04-20

Not yet calculated

CVE-2016-2003
HP
hpe -- verticaThe validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.2016-04-20

Not yet calculated

CVE-2016-2002
HP
MISC
java -- bouncy_castle_crypto_apisasn1/cms/GCMParameters.java in the Bouncy Castle Crypto APIs 1.54 for Java, as used in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, has an improper AES-GCM-ICVlen value, which makes it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568.2016-04-17

Not yet calculated

CVE-2016-2427
CONFIRM
CONFIRM
CONFIRM
lemur -- vehicle_monitors_bluedriverThe Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering.2016-04-21

Not yet calculated

CVE-2016-2354
CERT-VN
lexmark -- atlLexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.2016-04-21

Not yet calculated

CVE-2016-3145
CONFIRM
libav_libavcodec/ituh263dec.cThe ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.2016-04-19

Not yet calculated

CVE-2015-5479
CONFIRM
CONFIRM
MISC
UBUNTU
libtiff -- gif2tiff.cBuffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.2016-04-19

Not yet calculated

CVE-2016-3186
CONFIRM
SECTRACK
SUSE
micro_focus_novell -- service_deskDirectory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.2016-04-22

Not yet calculated

CVE-2016-1593
CONFIRM
MISC
MISC
micro_focus_novell -- service_deskLiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.2016-04-22

Not yet calculated

CVE-2016-1595
CONFIRM
MISC
MISC
micro_focus_novell -- service_deskMicro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action.2016-04-22

Not yet calculated

CVE-2016-1594
CONFIRM
MISC
MISC
micro_focus_novell -- service_deskMultiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter.2016-04-22

Not yet calculated

CVE-2016-1596
CONFIRM
MISC
MISC
oracle -- berkeley_dbUnspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, and CVE-2016-0694.2016-04-21

Not yet calculated

CVE-2016-3418
CONFIRM
oracle -- berkeley_dbUnspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, and CVE-2016-3418.2016-04-21

Not yet calculated

CVE-2016-0694
CONFIRM
oracle -- berkeley_dbUnspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0694, and CVE-2016-3418.2016-04-21

Not yet calculated

CVE-2016-0692
CONFIRM
oracle -- berkeley_dbUnspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0692, CVE-2016-0694, and CVE-2016-3418.2016-04-21

Not yet calculated

CVE-2016-0689
CONFIRM
oracle -- berkeley_dbUnspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0689, CVE-2016-0692, CVE-2016-0694, and CVE-2016-3418.2016-04-21

Not yet calculated

CVE-2016-0682
CONFIRM
oracle -- database_serverUnspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2016-04-21

Not yet calculatedNot yet calculated

CVE-2016-3454
CONFIRM
oracle -- database_serverUnspecified vulnerability in the Oracle OLAP component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unspecified vectors.2016-04-21

Not yet calculated

CVE-2016-0681
CONFIRM
oracle -- database_serverUnspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0690.2016-04-21

Not yet calculated

CVE-2016-0691
CONFIRM
oracle -- database_serverUnspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0691.2016-04-21

Not yet calculated

CVE-2016-0690
CONFIRM
oracle -- database_serverUnspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.2016-04-21

Not yet calculated

CVE-2016-0677
CONFIRM
oracle -- e-business_suiteUnspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows local users to affect confidentiality and integrity via unknown vectors.2016-04-21

Not yet calculated

CVE-2016-0697
CONFIRM
oracle -- e-business_suiteUnspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Logout.2016-04-21

Not yet calculated

CVE-2016-3434
CONFIRM
oracle -- e-business_suiteUnspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to OAF Core.2016-04-21CVE-2016-3447
CONFIRM
oracle -- e-business_suiteUnspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks.2016-04-21

Not yet calculated

CVE-2016-3436
CONFIRM
oracle -- e-business_suiteUnspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Call Phone Number Page.2016-04-21

Not yet calculated

CVE-2016-3439
CONFIRM
oracle -- e-business_suiteUnspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Person Address Page.2016-04-21

Not yet calculated

CVE-2016-3437
CONFIRM
oracle -- e-business_suiteUnspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless.2016-04-21

Not yet calculated

CVE-2016-3466
CONFIRM
oracle -- financial_servicesUnspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to the Login sub-component.2016-04-21

Not yet calculated

CVE-2016-0699
CONFIRM
oracle -- financial_services_softwareUnspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to Pre-Login.2016-04-21

Not yet calculated

CVE-2016-3463
CONFIRM
oracle -- financial_services_softwareUnspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to Accounts.2016-04-21

Not yet calculated

CVE-2016-3464
CONFIRM
oracle -- fusion_middlewareUnspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module.2016-04-21

Not yet calculated

CVE-2016-0671
CONFIRM
oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters.2016-04-21

Not yet calculated

CVE-2016-3455
CONFIRM
oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6 allows remote attackers to affect confidentiality and integrity via vectors related to Console.2016-04-21

Not yet calculated

CVE-2016-0696
CONFIRM
oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality and integrity via vectors related to Console.2016-04-21

Not yet calculated

CVE-2016-3416
CONFIRM
oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Console, a different vulnerability than CVE-2016-0675.2016-04-21

Not yet calculated

CVE-2016-0700
CONFIRM
oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Console, a different vulnerability than CVE-2016-0700.2016-04-21

Not yet calculated

CVE-2016-0675
CONFIRM
oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to Core Components.2016-04-21

Not yet calculated

CVE-2016-0688
CONFIRM
oracle -- java_seUnspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.2016-04-21

Not yet calculated

CVE-2016-3422
CONFIRM
oracle -- java_seUnspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.2016-04-21

Not yet calculatedNot yet calculated

CVE-2016-3443
CONFIRM
oracle -- java_seUnspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.2016-04-21

Not yet calculated

CVE-2016-3449
CONFIRM
oracle -- java_seUnspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.2016-04-21

Not yet calculated

CVE-2016-0686
CONFIRM
oracle -- java_seUnspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.2016-04-21

Not yet calculated

CVE-2016-0687
CONFIRM
oracle -- java_seUnspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.2016-04-21

Not yet calculated

CVE-2016-3425
CONFIRM
oracle -- java_seUnspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.2016-04-21

Not yet calculated

CVE-2016-0695
CONFIRM
oracle -- java_seUnspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.2016-04-21

Not yet calculated

CVE-2016-3427
CONFIRM
oracle -- java_seUnspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.2016-04-21

Not yet calculated

CVE-2016-3426
CONFIRM
oracle -- mysql_3.0.25Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and availability via vectors related to Monitoring: Server.2016-04-21

Not yet calculated

CVE-2016-3461
CONFIRM
oracle -- mysql_5.6.28Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB.2016-04-21

Not yet calculated

CVE-2016-0668
CONFIRM
oracle -- mysql_5.7.10Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML.2016-04-21

Not yet calculated

CVE-2016-0652
CONFIRM
oracle -- mysql_5.7.11Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking.2016-04-21

Not yet calculated

CVE-2016-0667
CONFIRM
oracle -- peoplesoft_enterprise_peopletoolsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to PIA Search Functionality.2016-04-21

Not yet calculated

CVE-2016-3417
CONFIRM
oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to ePerformance.2016-04-21

Not yet calculated

CVE-2016-3460
CONFIRM
oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise HCM ePerformance component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Security.2016-04-21

Not yet calculated

CVE-2016-3457
CONFIRM
oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect availability via vectors related to PIA Core Technology.2016-04-21

Not yet calculated

CVE-2016-3435
CONFIRM
oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to File Processing.2016-04-21

Not yet calculated

CVE-2016-0685
CONFIRM
oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Portal.2016-04-21CVE-2016-3442
CONFIRM
oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Rich Text Editor, a different vulnerability than CVE-2016-0698.2016-04-21

Not yet calculated

CVE-2016-3423
CONFIRM
oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Rich Text Editor, a different vulnerability than CVE-2016-3423.2016-04-21

Not yet calculated

CVE-2016-0698
CONFIRM
oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Search Framework.2016-04-21

Not yet calculated

CVE-2016-0683
CONFIRM
oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Activity Guide.2016-04-21

Not yet calculated

CVE-2016-3421
CONFIRM
oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect integrity and availability via vectors related to PIA Grids.2016-04-21

Not yet calculated

CVE-2016-0679
CONFIRM
oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Services Procurement.2016-04-21

Not yet calculated

CVE-2016-0680
CONFIRM
oracle -- retail_applicationsUnspecified vulnerability in the Oracle Retail Xstore Point of Service component in Oracle Retail Applications 5.0, 5.5, 6.0, 6.5, 7.0, and 7.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Xstore Services.2016-04-21

Not yet calculated

CVE-2016-3429
CONFIRM
oracle -- retail_applicat_retail_applicationsUnspecified vulnerability in the Oracle Retail MICROS ARS POS component in Oracle Retail Applications 1.5 allows remote authenticated users to affect confidentiality via vectors related to POS.2016-04-21

Not yet calculated

CVE-2016-0684
CONFIRM
oracle -- siebel_coreUnspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality and integrity via vectors related to Email.2016-04-21

Not yet calculated

CVE-2016-0674
CONFIRM
oracle -- sun_solarisUnspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel.2016-04-21

Not yet calculated

CVE-2016-0676
CONFIRM
oracle -- sun_solarisUnspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem.2016-04-21

Not yet calculated

CVE-2016-3419
CONFIRM
oracle -- sun_solarisUnspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem.2016-04-21

Not yet calculated

CVE-2016-3441
CONFIRM
oracle -- sun_solarisUnspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module.2016-04-21

Not yet calculated

CVE-2016-0693
CONFIRM
oracle -- sun_solarisUnspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service.2016-04-21

Not yet calculated

CVE-2016-3462
CONFIRM
oracle -- sun_solarisUnspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to ZFS.2016-04-21

Not yet calculated

CVE-2016-3465
CONFIRM
oracle -- sun_solarisUnspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Fwflash.2016-04-21

Not yet calculated

CVE-2016-0669
CONFIRM
oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect availability via vectors related to Engineering Communication Interface.2016-04-21

Not yet calculated

CVE-2016-3428
CONFIRM
oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to Security, a different vulnerability than CVE-2016-3420.2016-04-21

Not yet calculated

CVE-2016-3431
CONFIRM
oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to Security, a different vulnerability than CVE-2016-3431.2016-04-21

Not yet calculated

CVE-2016-3420
CONFIRM
oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Dialog Box.2016-04-21

Not yet calculated

CVE-2016-3456
CONFIRM
oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat.2016-04-21

Not yet calculated

CVE-2016-3438
CONFIRM
oracle -- virtualization_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core.2016-04-21

Not yet calculated

CVE-2016-0678
CONFIRM
samba -- dce-rpc_layerSamba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.2016-04-24

Not yet calculated

CVE-2015-5370
CONFIRM
samba -- ldap_client_libraryThe bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.2016-04-24

Not yet calculated

CVE-2016-2112
CONFIRM
samba -- netlogonThe NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.2016-04-24

Not yet calculated

CVE-2016-2111
CONFIRM
samba -- ntlmsspThe NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.2016-04-24

Not yet calculated

CVE-2016-2110
CONFIRM
samba -- sambaSamba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.2016-04-24

Not yet calculated

CVE-2016-2115
CONFIRM
samba -- smbl_protocol_implementationThe SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.2016-04-24

Not yet calculated

Not yet calculated

CVE-2016-2114
CONFIRM
samba -- tls_serversSamba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.2016-04-24

Not yet calculated

CVE-2016-2113
CONFIRM
symantec -- management_agentThe Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors.2016-04-20

Not yet calculated

CVE-2016-2202
CONFIRM
BID
symantec -- messaging_gateway_(smg)_applianceThe management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.2016-04-22

Not yet calculated

CVE-2016-2203
CONFIRM
BID
symantec -- messaging_gateway_(smg)_applianceThe management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input.2016-04-22

Not yet calculated

CVE-2016-2204
CONFIRM
BID
systemd_ tmpfiles.d/systemd.conftmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.2016-04-20

Not yet calculated

CVE-2015-8842
CONFIRM
CONFIRM
MLIST
MLIST
SUSE
systemd_tmpfiles.d/systemd.conftmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.2016-04-20

Not yet calculated

CVE-2014-9770
CONFIRM
MLIST
MLIST
SUSE
wireshark -- epan/dissectors/packet-gsm_cbch.c_in_the_gsm_cbch_dissectorepan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.2016-04-25

Not yet calculated

CVE-2016-4082
CONFIRM
CONFIRM
CONFIRM
wireshark -- epan/dissectors/packet-iax2.c_in_the_iax2_dissectorepan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.2016-04-25

Not yet calculated

CVE-2016-4081
CONFIRM
CONFIRM
CONFIRM
wireshark -- epan/dissectors/packet-mswsp.c_in_the_ms-wspInteger signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size.2016-04-25

Not yet calculated

CVE-2016-4084
CONFIRM
CONFIRM
CONFIRM
wireshark -- epan/dissectors/packet-mswsp.c_in_the_ms-wsp_dissectorepan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-04-25

Not yet calculated

CVE-2016-4083
CONFIRM
CONFIRM
CONFIRM
wireshark -- epan/dissectors/packet-ncp2222.incepan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-04-25

Not yet calculated

CVE-2016-4076
CONFIRM
CONFIRM
CONFIRM
wireshark -- epan/dissectors/packet-ncp2222.inc_in_the_ncp_dissectorStack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.2016-04-25

Not yet calculated

CVE-2016-4085
CONFIRM
CONFIRM
CONFIRM
wireshark -- epan/dissectors/packet-pktc.c_in_the_pktc_dissectorepan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.2016-04-25

Not yet calculated

CVE-2016-4079
CONFIRM
CONFIRM
CONFIRM
wireshark -- epan/dissectors/packet-pktc.c_in_the_pktc_dissectorepan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.2016-04-25

Not yet calculated

CVE-2016-4080
CONFIRM
CONFIRM
CONFIRM
wireshark -- epan/proto.cepan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.2016-04-25

Not yet calculated

CVE-2016-4006
CONFIRM
CONFIRM
CONFIRM
wireshark -- epan/reassemble.c_in_tsharkepan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.2016-04-25

Not yet calculated

CVE-2016-4077
CONFIRM
MISC
CONFIRM
CONFIRM
wireshark -- ieee_802.11_dissectorThe IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.2016-04-25

Not yet calculated

CVE-2016-4078
CONFIRM
CONFIRM
CONFIRM
CONFIRM
Back to top


This product is provided subject to this Notification and this Privacy & Use policy.



04/20/2016 04:05 PM
FTC Releases Alert on Earthquake Disaster Email Scams
Original release date: April 20, 2016

The Federal Trade Commission (FTC) has released an alert on email scams that cite the recent earthquakes in Ecuador and Japan. The scam emails may contain links or attachments that direct users to phishing or malware-infected websites. Donation requests from fraudulent charitable organizations commonly appear after major natural disasters.

US-CERT encourages users to take the following measures to protect themselves:

  • Review the FTC alert and their information on Charity Scams.
  • Do not follow unsolicited web links or attachments in email messages.
  • Keep antivirus and other computer software up-to-date.
  • Check this Better Business Bureau (BBB) list for Ecuador Earthquake Relief before making any donations to this cause.
  • Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. You can find trusted contact information for many charities on the BBBs National Charity Report Index.
  • Refer to Security Tip ST04-014 Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

This product is provided subject to this Notification and this Privacy & Use policy.





We Specialize In...

Wireless Networking - WiFi

Wireless Network Setup, Access Points, Routers, Antennas, and other devices.

Network Wiring

Coax (RG-6/59), Ethernet Wiring (CAT 3/5/5E/6), Phone Systems, and Structured Wiring

Data Recovery

PC Desktop Harddrives, External Storage, Network Attached Storage(NAS), RAID Array, and Server Hard drives.

Hardware Service

Data Storage Systems, Hard Drive Related, Hardware Repair, Laptop Repair, PC Repiar, Scanner Repair, Server Repair, System Diagnostics, Tape Drives, and other External Media.

Software Services

Accounting Systems, Adware/Spyware Removal, Antivirus Software and Virus Removal, Back Up Software, Communications Software, Contact Management, Database Software, Documentation Creating and Publishing, and Email Software.

Operating Systems

Linux, MS-DOS, Windows NT Workstation and Server, Windows 95, Windows 98, Windows ME, Windows 2000, Windows XP Home and Windows XP Professional.

Printer Repair and Service

All inkjet and laserjet printers, Dot matrix printers, Network Printers, HP, Lexmark, Canon, Brother, Oki-Data, OTC, and many other Printer Manufacturers.

Your One-Stop Solution For..

Virus Scanning and Virus Removal, PC Help, Computer Maintenance, Business Computer/Laptop Repair, Hardware Configuration, Software Configuration, AdWare and Spyware Removal and Immunization, Door-to-Door Pc Repair and Computer Services, Networking, Cabling, Wired and Wireless Network Assistance, Network Diagnostics Service, Components, Modems, Printers, Scanners, Digital Cameras, Data Storage, Data Recovery, Backup and Fail-Safe Disaster Recovery, Cable Modem Internet and DSL Internet Connections and Maintenance, Computer Troubleshooting, Hard Drive backups, Technical Support, End user training, Software Training, Any on-site Computer Need, Computer Tune Ups, Operating System (OS) Installations, On Site Computer Traingin, Laptop/Notebook Service and Repair, Free Upgrading Advice and Computer Upgrades at unbeatable rates.

Legal InformationTechAnywhereComputer Repair MemphisComputer Repair Industry

© 2004-2016 memphiscomputerrepair.com
All rights reserved.