U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Bulletin (SB16-221)

Vulnerability Summary for the Week of August 1, 2016

Original release date: August 08, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
atlassian -- bambooAtlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization.2016-08-027.5CVE-2016-5229
MISC
BUGTRAQ
BID
CONFIRM
CONFIRM
citrix -- xenserverThe PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.2016-08-027.2CVE-2016-6258
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
crestron -- airmedia_am-100_firmwareDirectory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter.2016-08-0210.0CVE-2016-5640
CERT-VN
MISC
crestron -- dm-txrx-100-str_firmwareCrestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html.2016-08-027.5CVE-2016-5667
CERT-VN
crestron -- dm-txrx-100-str_firmwareCrestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call.2016-08-027.5CVE-2016-5668
CERT-VN
crestron -- dm-txrx-100-str_firmwareCrestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface.2016-08-0210.0CVE-2016-5670
CERT-VN
ec-cube -- coupon_pluginSQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2016-07-317.5CVE-2016-4837
JVN
JVNDB
CONFIRM
hp -- operations_managerThe AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.2016-07-317.5CVE-2016-4373
CONFIRM
huawei -- cloudengine_12800_firmwareHuawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote attackers with control plane access to cause a denial of service or execute arbitrary code via a crafted packet.2016-08-027.5CVE-2016-6178
CONFIRM
BID
huawei -- p8_smartphone_firmwareBuffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193.2016-08-029.3CVE-2016-6192
CONFIRM
BID
huawei -- p8_smartphone_firmwareBuffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192.2016-08-029.3CVE-2016-6193
CONFIRM
BID
mozilla -- firefoxUse-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.2016-08-047.5CVE-2016-5254
CONFIRM
CONFIRM
mozilla -- firefoxInteger overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.2016-08-047.5CVE-2016-5261
CONFIRM
CONFIRM
novell -- filrvaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter.2016-07-319.0CVE-2016-1608
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
novell -- filrNovell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands.2016-07-317.2CVE-2016-1611
BUGTRAQ
CONFIRM
paloaltonetworks -- pan-osPalo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation.2016-08-027.2CVE-2016-1712
CONFIRM
SECTRACK
perl -- perl(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.2016-08-027.2CVE-2016-1238
CONFIRM
DEBIAN
MLIST
BID
SECTRACK
CONFIRM
pulsesecure -- odyssey_access_clientAn unspecified client-side component in Pulse Secure Desktop Client before 5.0r15.1, 5.1rX before 5.1r9.1, and 5.2rX before 5.2r4.1; Installer Service (formerly Juniper Installer Service) and Collaboration (formerly Secure Meeting) before 8.0r15.1, 8.1rX before 8.1r9.1, and 8.2rX before 8.2r4.1; and Odyssey Access Client before 5.6r18 on Windows allows local users to gain administrative privileges via unknown vectors.2016-08-027.2CVE-2016-2408
CONFIRM
redhat -- jboss_operations_networkThe server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.2016-08-029.0CVE-2016-3737
REDHAT
CONFIRM
sap -- trexDirectory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.2016-08-0510.0CVE-2016-6138
MISC
BID
MISC
MISC
MISC
sap -- trexSAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.2016-08-057.6CVE-2016-6139
BID
MISC
MISC
sap -- trexSAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591.2016-08-057.6CVE-2016-6140
BID
MISC
MISC
sap -- trexAn unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.2016-08-0510.0CVE-2016-6147
BID
MISC
MISC
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- openofficeThe Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.2016-08-056.8CVE-2016-1513
CONFIRM
BID
MISC
MISC
apache -- poiThe XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2016-08-054.3CVE-2016-5000
BUGTRAQ
MLIST
cisca -- email_security_applianceCisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932.2016-07-315.0CVE-2016-1461
CISCO
citrix -- xenserverXen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.2016-08-024.9CVE-2016-6259
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
crestron -- airmedia_am-100_firmwareDirectory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.2016-08-025.0CVE-2016-5639
CERT-VN
MISC
crestron -- dm-txrx-100-str_firmwareCrestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1.2016-08-025.0CVE-2016-5666
CERT-VN
crestron -- dm-txrx-100-str_firmwareCrestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship.2016-08-025.0CVE-2016-5669
CERT-VN
crestron -- dm-txrx-100-str_firmwareMultiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users.2016-08-026.8CVE-2016-5671
CERT-VN
djangoproject -- djangoCross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.2016-08-054.3CVE-2016-6186
MISC
FULLDISC
DEBIAN
BUGTRAQ
SECTRACK
UBUNTU
MISC
CONFIRM
CONFIRM
CONFIRM
google -- chromeInteger overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unrestricted multiplication.2016-07-316.8CVE-2016-5138
CONFIRM
CONFIRM
MISC
intel -- crosswalkIntel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate.2016-07-315.8CVE-2016-5672
CERT-VN
CONFIRM
MISC
MLIST
MISC
kde -- karchivesDirectory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.2016-08-025.0CVE-2016-6232
MLIST
MLIST
UBUNTU
CONFIRM
CONFIRM
mit -- kerberosThe validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.2016-07-314.0CVE-2016-3120
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.2016-08-044.3CVE-2016-2830
CONFIRM
CONFIRM
mozilla -- firefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2016-08-046.8CVE-2016-2835
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.2016-08-046.8CVE-2016-2836
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefoxHeap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.2016-08-046.8CVE-2016-2837
CONFIRM
CONFIRM
mozilla -- firefoxHeap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.2016-08-046.8CVE-2016-2838
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.2016-08-044.3CVE-2016-2839
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 48.0 allows remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.2016-08-045.0CVE-2016-5250
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.2016-08-044.3CVE-2016-5251
CONFIRM
CONFIRM
mozilla -- firefoxStack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.2016-08-046.8CVE-2016-5252
CONFIRM
CONFIRM
mozilla -- firefoxThe Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.2016-08-044.7CVE-2016-5253
CONFIRM
CONFIRM
mozilla -- firefoxUse-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.2016-08-046.8CVE-2016-5255
CONFIRM
CONFIRM
mozilla -- firefoxUse-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.2016-08-046.8CVE-2016-5258
CONFIRM
CONFIRM
mozilla -- firefoxUse-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.2016-08-046.8CVE-2016-5259
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.2016-08-044.3CVE-2016-5260
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.2016-08-044.3CVE-2016-5262
CONFIRM
CONFIRM
mozilla -- firefoxThe nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."2016-08-046.8CVE-2016-5263
CONFIRM
CONFIRM
mozilla -- firefoxUse-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.2016-08-046.8CVE-2016-5264
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.2016-08-044.0CVE-2016-5265
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.2016-08-045.8CVE-2016-5266
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.2016-08-044.3CVE-2016-5267
CONFIRM
CONFIRM
mozilla -- firefoxMozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring.2016-08-044.3CVE-2016-5268
CONFIRM
CONFIRM
netiq -- sentinelDirectory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field.2016-07-316.8CVE-2016-1605
MISC
CONFIRM
nofollow_links_project -- nofollow_linksCross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-08-024.3CVE-2016-4833
JVN
JVNDB
CONFIRM
novell -- filrMultiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.2016-07-316.5CVE-2016-1607
BUGTRAQ
CONFIRM
CONFIRM
novell -- filrDirectory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name.2016-07-315.0CVE-2016-1610
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
openssl -- opensslThe TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.2016-07-315.0CVE-2016-2180
CONFIRM
CONFIRM
perl -- perlThe XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.2016-08-024.6CVE-2016-6185
CONFIRM
DEBIAN
MLIST
MLIST
SECTRACK
FEDORA
FEDORA
FEDORA
CONFIRM
qemu -- qemuThe virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.2016-08-024.9CVE-2016-5403
CONFIRM
CONFIRM
redhat -- network_satelliteCross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.2016-08-054.3CVE-2016-3080
REDHAT
CONFIRM
redhat -- network_satelliteCross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.2016-08-054.3CVE-2016-3097
REDHAT
CONFIRM
redhat -- openshiftThe API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.2016-08-056.8CVE-2016-5392
BID
REDHAT
CONFIRM
sap -- hanaThe SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869.2016-08-054.3CVE-2016-6144
BID
MISC
MISC
sap -- hanaSAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136.2016-08-055.0CVE-2016-6148
BID
MISC
MISC
vtiger -- crmmodules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors.2016-07-315.5CVE-2016-4834
CONFIRM
JVN
JVNDB
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
dell -- km714_firmwareThe firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."2016-08-023.3CVE-2016-6257
MISC
CONFIRM
MISC
fortinet -- fortianalyzer_firmwareCross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.2.6 and FortiManager 5.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.2016-08-053.5CVE-2016-3196
CONFIRM
novell -- filrMultiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.2016-07-313.5CVE-2016-1609
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
openshift -- originopenshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.2016-08-051.9CVE-2015-8945
MLIST
MLIST
BID
CONFIRM
Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- activemqThe administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.2016-08-05

Not yet calculated

CVE-2016-0782
CONFIRM
MISC
BUGTRAQ
CONFIRM
dashbuilder -- sql_injectionSQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.2016-08-05

Not yet calculated

CVE-2016-4999
BID
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
google -- androidInteger overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367.2016-08-06

Not yet calculated

CVE-2015-8940
CONFIRM
CONFIRM
google -- androiddrivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310.2016-08-06Not yet calculatedCVE-2014-9875
CONFIRM
CONFIRM
google -- androidInteger overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160.2016-08-06

Not yet calculated

CVE-2014-9883
CONFIRM
CONFIRM
google -- androiddrivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702.2016-08-06Not yet calculatedCVE-2014-9867
CONFIRM
CONFIRM
google -- androiddrivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013.2016-08-06Not yet calculatedCVE-2014-9865
CONFIRM
CONFIRM
google -- androiddrivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualcomm internal bug CR514711.2016-08-06Not yet calculatedCVE-2014-9869
CONFIRM
CONFIRM
CONFIRM
google -- androiddrivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841.2016-08-06Not yet calculatedCVE-2014-9864
CONFIRM
CONFIRM
google -- androiddrivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740.2016-08-06

Not yet calculated

CVE-2014-9884
CONFIRM
CONFIRM
google -- androiddrivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358.2016-08-06Not yet calculatedCVE-2014-9866
CONFIRM
CONFIRM
google -- androidFormat string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261.2016-08-06

Not yet calculated

CVE-2014-9885
CONFIRM
CONFIRM
google -- androidThe mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490.2016-08-06Not yet calculatedCVE-2014-9879
CONFIRM
CONFIRM
google -- androiddrivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356.2016-08-06Not yet calculatedCVE-2014-9880
CONFIRM
CONFIRM
google -- androidomx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827.2016-08-05

Not yet calculated

CVE-2016-3824
CONFIRM
CONFIRM
google -- androiddrivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479.2016-08-06Not yet calculatedCVE-2014-9878
CONFIRM
CONFIRM
google -- androiddrivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28768281 and Qualcomm internal bug CR547231.2016-08-06Not yet calculatedCVE-2014-9877
CONFIRM
CONFIRM
google -- androidarch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030.2016-08-06

Not yet calculated

CVE-2014-9886
CONFIRM
CONFIRM
google -- androidBuffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329.2016-08-06

Not yet calculated

CVE-2014-9882
CONFIRM
CONFIRM
CONFIRM
google -- androiddrivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android internal bug 28769368 and Qualcomm internal bug CR539008.2016-08-06Not yet calculatedCVE-2014-9881
CONFIRM
CONFIRM
google -- androidBuffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and Qualcomm internal bug CR563086.2016-08-06Not yet calculatedCVE-2014-9874
CONFIRM
CONFIRM
google -- androidInteger underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860.2016-08-06Not yet calculatedCVE-2014-9873
CONFIRM
CONFIRM
google -- androiddrivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021.2016-08-06

Not yet calculated

CVE-2015-8939
CONFIRM
CONFIRM
google -- androiddrivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795.2016-08-06

Not yet calculated

CVE-2014-9896
CONFIRM
CONFIRM
google -- androiddrivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548.2016-08-06

Not yet calculated

CVE-2015-8937
CONFIRM
CONFIRM
google -- androiddrivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm internal bug CR542223.2016-08-06

Not yet calculated

CVE-2014-9893
CONFIRM
CONFIRM
google -- androiddrivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712.2016-08-06

Not yet calculated

CVE-2014-9889
CONFIRM
CONFIRM
google -- androiddrivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736.2016-08-06

Not yet calculated

CVE-2014-9894
CONFIRM
CONFIRM
google -- androiddrivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and Qualcomm internal bug CR550061.2016-08-06

Not yet calculated

CVE-2014-9891
CONFIRM
CONFIRM
google -- androidOff-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177.2016-08-06

Not yet calculated

CVE-2014-9890
CONFIRM
CONFIRM
google -- androidThe MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022.2016-08-06

Not yet calculated

CVE-2015-8938
CONFIRM
CONFIRM
google -- androidBuffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.2016-08-05

Not yet calculated

CVE-2014-9902
CONFIRM
CONFIRM
google -- androiddrivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633.2016-08-06

Not yet calculated

CVE-2014-9887
CONFIRM
CONFIRM
google -- androidMultiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR514717.2016-08-06Not yet calculatedCVE-2014-9871
CONFIRM
CONFIRM
google -- androidThe diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721.2016-08-06Not yet calculatedCVE-2014-9872
CONFIRM
CONFIRM
google -- androiddrivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408.2016-08-06Not yet calculatedCVE-2014-9876
CONFIRM
CONFIRM
google -- androiddrivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and Qualcomm internal bug CR547910.2016-08-06

Not yet calculated

CVE-2014-9899
CONFIRM
CONFIRM
google -- androidThe Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711.2016-08-05

Not yet calculated

CVE-2014-9901
CONFIRM
CONFIRM
google -- androidsound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bug CR563752.2016-08-06

Not yet calculated

CVE-2014-9897
CONFIRM
CONFIRM
google -- androidarch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575.2016-08-06

Not yet calculated

CVE-2014-9898
CONFIRM
CONFIRM
google -- androiddrivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473.2016-08-06

Not yet calculated

CVE-2015-8941
CONFIRM
CONFIRM
google -- androiddrivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976.2016-08-06Not yet calculatedCVE-2014-9868
CONFIRM
CONFIRM
google -- androiddrivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246.2016-08-06

Not yet calculated

CVE-2015-8942
CONFIRM
CONFIRM
google -- androiddrivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226.2016-08-06

Not yet calculated

CVE-2015-8943
CONFIRM
CONFIRM
google -- androidservices/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489.2016-08-05

Not yet calculated

CVE-2016-2497
CONFIRM
CONFIRM
google -- androidexif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.2016-08-05

Not yet calculated

CVE-2016-3822
CONFIRM
CONFIRM
google -- androidThe Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974.2016-08-05

Not yet calculated

CVE-2016-2504
CONFIRM
google -- androidInteger overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28533562.2016-08-05

Not yet calculated

CVE-2016-3819
CONFIRM
CONFIRM
google -- androidThe ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410.2016-08-05

Not yet calculated

CVE-2016-3820
CONFIRM
CONFIRM
google -- androidlibmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152.2016-08-05

Not yet calculated

CVE-2016-3821
CONFIRM
CONFIRM
google -- androidThe secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116.2016-08-05

Not yet calculated

CVE-2016-3835
CONFIRM
CONFIRM
google -- androidThe telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a "Year 2038 problem."2016-08-05

Not yet calculated

CVE-2016-3831
CONFIRM
CONFIRM
google -- androidInteger underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470.2016-08-06Not yet calculatedCVE-2014-9863
CONFIRM
CONFIRM
google -- androidcodecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956.2016-08-05

Not yet calculated

CVE-2016-3827
CONFIRM
CONFIRM
google -- androidThe ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29023649.2016-08-05

Not yet calculated

CVE-2016-3829
CONFIRM
CONFIRM
google -- androidmediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517.2016-08-05

Not yet calculated

CVE-2016-3844
CONFIRM
google -- androidservices/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug 29251553.2016-08-05

Not yet calculated

CVE-2016-3826
CONFIRM
CONFIRM
google -- androidcodecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599.2016-08-05

Not yet calculated

CVE-2016-3830
CONFIRM
CONFIRM
google -- androidThe Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712.2016-08-05

Not yet calculated

CVE-2016-3833
CONFIRM
CONFIRM
CONFIRM
google -- androidThe camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701.2016-08-05

Not yet calculated

CVE-2016-3834
CONFIRM
CONFIRM
google -- androidThe framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098.2016-08-05

Not yet calculated

CVE-2016-3832
CONFIRM
CONFIRM
google -- androidThe secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329.2016-08-05

Not yet calculated

CVE-2016-3823
CONFIRM
CONFIRM
google -- androiddecoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995.2016-08-05

Not yet calculated

CVE-2016-3828
CONFIRM
CONFIRM
google -- androidAndroid 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672.2016-08-05

Not yet calculated

CVE-2016-3838
CONFIRM
CONFIRM
google -- androidBluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug 28885210.2016-08-05

Not yet calculated

CVE-2016-3839
CONFIRM
CONFIRM
google -- androidThe NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433.2016-08-05

Not yet calculated

CVE-2016-3847
CONFIRM
google -- androidservice/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application that provides a MAC address with too few characters, aka internal bug 28164077.2016-08-05

Not yet calculated

CVE-2016-3837
CONFIRM
CONFIRM
google -- androidConscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.2016-08-05

Not yet calculated

CVE-2016-3840
CONFIRM
CONFIRM
google -- androidThe SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402.2016-08-05

Not yet calculated

CVE-2016-3836
CONFIRM
CONFIRM
google -- androidThe video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876.2016-08-05

Not yet calculated

CVE-2016-3845
CONFIRM
google -- androidThe Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378.2016-08-05

Not yet calculated

CVE-2016-3846
CONFIRM
google -- androidThe NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28919417.2016-08-05

Not yet calculated

CVE-2016-3848
CONFIRM
google -- androidThe Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.2016-08-05

Not yet calculated

CVE-2016-3842
CONFIRM
google -- androidThe MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738.2016-08-05

Not yet calculated

CVE-2016-3852
CONFIRM
google -- androidInteger overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug CR945164.2016-08-05

Not yet calculated

CVE-2016-3850
CONFIRM
CONFIRM
google -- androidThe LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941.2016-08-05

Not yet calculated

CVE-2016-3851
CONFIRM
google -- androiddrivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR990824.2016-08-06

Not yet calculated

CVE-2016-3855
CONFIRM
CONFIRM
google -- androidThe ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740.2016-08-05

Not yet calculated

CVE-2016-3849
CONFIRM
google -- androidnetd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631.2016-08-06

Not yet calculated

CVE-2016-3856
CONFIRM
CONFIRM
CONFIRM
google -- androidGoogle Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208.2016-08-05

Not yet calculated

CVE-2016-3853
CONFIRM
google -- androidThe kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.2016-08-05

Not yet calculated

CVE-2016-3857
CONFIRM
google -- androiddrivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR897326.2016-08-06

Not yet calculated

CVE-2016-3854
CONFIRM
CONFIRM
google -- androidmm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964.2016-08-05

Not yet calculated

CVE-2016-3825
CONFIRM
CONFIRM
google -- androidAndroid before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.2016-08-05

Not yet calculated

CVE-2016-3843
CONFIRM

huawei -- ips_module

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.2016-08-04

Not yet calculated

CVE-2016-6300
juniper -- junos_osJuniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option.2016-08-05

Not yet calculated

CVE-2016-1278
CONFIRM
BID
SECTRACK
juniper -- junos_osJuniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X48 before 12.3X48-D25, and 15.1X49 before 15.1X49-D40 on a High-End SRX-Series chassis system with one or more Application Layer Gateways (ALGs) enabled allow remote attackers to cause a denial of service (CPU consumption, fab link failure, or flip-flop failovers) via vectors related to in-transit traffic matching ALG rules.2016-08-05

Not yet calculated

CVE-2016-1276
CONFIRM
SECTRACK
linux -- kernelarch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction.2016-08-06

Not yet calculated

CVE-2016-5412
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
linux -- kernelThe Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.2016-08-06Not yet calculatedCVE-2014-9870
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- kerneldrivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739.2016-08-06

Not yet calculated

CVE-2014-9895
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- kernelThe trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.2016-08-06

Not yet calculated

CVE-2016-3070
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- kernelThe ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts.2016-08-06

Not yet calculated

CVE-2015-8944
CONFIRM
MLIST
CONFIRM
linux -- kernelMemory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations.2016-08-06

Not yet calculated

CVE-2016-5400
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- kernelarch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735.2016-08-06

Not yet calculated

CVE-2014-9888
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- kernelThe ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.2016-08-06

Not yet calculated

CVE-2014-9900
CONFIRM
CONFIRM
linux -- kernelThe snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.2016-08-06

Not yet calculated

CVE-2014-9892
CONFIRM
CONFIRM
linux -- kernelRace condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability.2016-08-06

Not yet calculated

CVE-2016-6516
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- kernelnet/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via certain IPv6 socket operations.2016-08-06

Not yet calculated

CVE-2016-6162
MLIST
CONFIRM
linux -- kernelThe IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.2016-08-06

Not yet calculated

CVE-2016-3841
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- kernelRace condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.2016-08-06

Not yet calculated

CVE-2016-6156
CONFIRM
BUGTRAQ
MISC
CONFIRM
CONFIRM
linux -- kernelRace condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.2016-08-06

Not yet calculated

CVE-2016-6136
CONFIRM
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- kernelfs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.2016-08-06

Not yet calculated

CVE-2016-6197
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- kernelThe apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook.2016-08-06

Not yet calculated

CVE-2016-6187
CONFIRM
MLIST
CONFIRM
MLIST
CONFIRM
CONFIRM
linux -- kernelRace condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.2016-08-06

Not yet calculated

CVE-2016-6480
BUGTRAQ
CONFIRM
linux -- kernelnet/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack.2016-08-06

Not yet calculated

CVE-2016-5696
CONFIRM
MLIST
MISC
CONFIRM
CONFIRM
linux -- kernelThe filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.2016-08-06

Not yet calculated

CVE-2016-6198
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
sap -- extended_application_servicesThe Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.2016-08-05

Not yet calculated

CVE-2016-3640
BID
MISC
MISC
MISC
sap -- hanaSAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941.2016-08-05

Not yet calculated

CVE-2016-6149
BID
MISC
MISC
sap -- hanaThe SQL interface in SAP HANA provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869.2016-08-05

Not yet calculated

CVE-2016-6145
MISC
MISC
sap -- hanaThe multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.2016-08-05

Not yet calculated

CVE-2016-6150
BID
MISC
MISC
wireshark -- corba_idl_dissectorsThe CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-08-06

Not yet calculated

CVE-2016-6503
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark -- epan_proto.cepan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet.2016-08-06

Not yet calculated

CVE-2016-6511
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark -- ldss_dissectorsepan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-08-06

Not yet calculated

CVE-2016-6509
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark -- mmse_dissectorsepan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.2016-08-06

Not yet calculated

CVE-2016-6507
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark -- nds_dissectorsepan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.2016-08-06

Not yet calculated

CVE-2016-6504
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark -- packetbb_dissectorsepan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.2016-08-06

Not yet calculated

CVE-2016-6505
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark -- rlc_dissectorsOff-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.2016-08-06

Not yet calculated

CVE-2016-6510
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark -- rlc_dissectorsepan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.2016-08-06

Not yet calculated

CVE-2016-6508
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark -- tvb_get_guintvarepan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.2016-08-06

Not yet calculated

CVE-2016-6512
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark -- wbxml_dissectorepan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2016-08-06

Not yet calculated

CVE-2016-6513
MLIST
CONFIRM
CONFIRM
CONFIRM
wireshark -- wsp_dissectorsepan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.2016-08-06

Not yet calculated

CVE-2016-6506
MLIST
CONFIRM
CONFIRM
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top