SB16-109: Vulnerability Summary for the Week of April 11, 2016

By Newsroom America Feeds at 18 Apr 2016

Original release date: April 18, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- flash_playerUse-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031.2016-04-0810.0CVE-2016-1011
CONFIRMadobe -- flash_playerAdobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.2016-04-0810.0CVE-2016-1012
CONFIRMadobe -- flash_playerUse-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031.2016-04-0810.0CVE-2016-1013
CONFIRMadobe -- flash_playerUntrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory.2016-04-087.2CVE-2016-1014
CONFIRMadobe -- flash_playerUse-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1017, and CVE-2016-1031.2016-04-089.3CVE-2016-1016
CONFIRM
MISCadobe -- flash_playerUse-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031.2016-04-089.3CVE-2016-1017
CONFIRM
MISCadobe -- flash_playerStack-based buffer overflow in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via crafted JPEG-XR data.2016-04-089.3CVE-2016-1018
CONFIRM
MISCadobe -- flash_playerAdobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.2016-04-0810.0CVE-2016-1020
CONFIRMadobe -- flash_playerAdobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.2016-04-0810.0CVE-2016-1021
CONFIRMadobe -- flash_playerAdobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.2016-04-0810.0CVE-2016-1022
CONFIRMadobe -- flash_playerAdobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.2016-04-0810.0CVE-2016-1023
CONFIRMadobe -- flash_playerAdobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.2016-04-0810.0CVE-2016-1024
CONFIRMadobe -- flash_playerAdobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.2016-04-0810.0CVE-2016-1025
CONFIRMadobe -- flash_playerAdobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.2016-04-0810.0CVE-2016-1026
CONFIRMadobe -- flash_playerAdobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.2016-04-0810.0CVE-2016-1027
CONFIRMadobe -- flash_playerAdobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.2016-04-0810.0CVE-2016-1028
CONFIRMadobe -- flash_playerAdobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1032, and CVE-2016-1033.2016-04-0810.0CVE-2016-1029
CONFIRMadobe -- flash_playerAdobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.2016-04-0810.0CVE-2016-1030
CONFIRMadobe -- flash_playerUse-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1017.2016-04-0810.0CVE-2016-1031
CONFIRMadobe -- flash_playerAdobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1033.2016-04-0810.0CVE-2016-1032
CONFIRMadobe -- flash_playerAdobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1032.2016-04-0810.0CVE-2016-1033
CONFIRMapache -- apache_directory_studioThe CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet.2016-04-119.3CVE-2015-5349
CONFIRM
BUGTRAQapache -- strutsApache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.2016-04-1210.0CVE-2016-0785
SECTRACK
CONFIRMapache -- ofbizApache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.2016-04-127.5CVE-2016-2170
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
MISCavast -- avast_free_antivirusHeap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request.2016-04-1310.0CVE-2015-8620
MISC
SECTRACK
FULLDISC
MISCclaws-mail -- claws-mailStack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614.2016-04-117.5CVE-2015-8708
MLISTdrupal -- drupalThe System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."2016-04-128.5CVE-2016-3168
CONFIRM
MLIST
MLIST
DEBIANgit-scm -- gitrevision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.2016-04-0810.0CVE-2016-2315
CONFIRM
CONFIRM
CONFIRM
SECTRACK
MLIST
SUSE
SUSE
SUSE
SUSEgit-scm -- gitInteger overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.2016-04-0810.0CVE-2016-2324
CONFIRM
CONFIRM
MLIST
SUSE
SUSE
SUSE
SUSEhuawei -- p7_firmwareInteger overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission.2016-04-139.3CVE-2015-8304
CONFIRMhuawei -- mate_s_firmwareInteger overflow in the graphics drivers in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, which triggers a heap-based buffer overflow.2016-04-139.3CVE-2016-1495
CONFIRMhuawei -- p8_firmwareThe graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) via a crafted application, aka a "semaphore deadlock issue."2016-04-137.1CVE-2016-1496
CONFIRMhuawei -- policy_center_firmwareHuawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL.2016-04-129.0CVE-2016-2405
CONFIRMhuawei -- s5300_firmwareHuawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic.2016-04-117.8CVE-2016-3678
CONFIRMkamailio -- kamailioHeap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.2016-04-1110.0CVE-2016-2385
EXPLOIT-DB
CONFIRM
MISC
BUGTRAQ
CONFIRM
DEBIAN
DEBIAN
MISClenovo -- fingerprint_managerLenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks.2016-04-117.2CVE-2016-2393
CONFIRMmicrosoft -- windows_10Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability."2016-04-127.2CVE-2016-0088
MSmicrosoft -- excelMicrosoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."2016-04-129.3CVE-2016-0122
MSmicrosoft -- officeMicrosoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."2016-04-129.3CVE-2016-0127
MSmicrosoft -- windows_10The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."2016-04-127.2CVE-2016-0135
MSmicrosoft -- excelMicrosoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."2016-04-129.3CVE-2016-0136
MSmicrosoft -- excelMicrosoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."2016-04-129.3CVE-2016-0139
MSmicrosoft -- windows_10The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0165 and CVE-2016-0167.2016-04-127.2CVE-2016-0143
MSmicrosoft -- .net_frameworkThe font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype for Business 2016; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."2016-04-129.3CVE-2016-0145
MSmicrosoft -- xml_core_servicesMicrosoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."2016-04-129.3CVE-2016-0147
MSmicrosoft -- .net_frameworkMicrosoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability."2016-04-127.2CVE-2016-0148
MSmicrosoft -- windows_10HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability."2016-04-127.8CVE-2016-0150
MSmicrosoft -- windows_10The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."2016-04-127.2CVE-2016-0151
MSmicrosoft -- windows_7OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Remote Code Execution Vulnerability."2016-04-129.3CVE-2016-0153
MSmicrosoft -- edgeMicrosoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."2016-04-127.6CVE-2016-0154
MS
MSmicrosoft -- edgeMicrosoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0156 and CVE-2016-0157.2016-04-127.6CVE-2016-0155
MSmicrosoft -- edgeMicrosoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0157.2016-04-127.6CVE-2016-0156
MSmicrosoft -- edgeMicrosoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0156.2016-04-127.6CVE-2016-0157
MSmicrosoft -- internet_explorerMicrosoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."2016-04-127.6CVE-2016-0159
MSmicrosoft -- internet_explorerMicrosoft Internet Explorer 11 mishandles DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."2016-04-127.2CVE-2016-0160
MSmicrosoft -- internet_explorerMicrosoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."2016-04-127.6CVE-2016-0164
MSmicrosoft -- windows_10The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0167.2016-04-127.2CVE-2016-0165
MSmicrosoft -- internet_explorerMicrosoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."2016-04-127.6CVE-2016-0166
MSmicrosoft -- windows_10The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165.2016-04-127.2CVE-2016-0167
MSoar_project -- oarThe oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.2016-04-119.0CVE-2016-1235
CONFIRM
CONFIRM
DEBIANotr -- pidgin-otrUse-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item.2016-04-1110.0CVE-2015-8833
MLIST
CONFIRM
CONFIRM
CONFIRM
MISC
MLIST
MLISTpaloaltonetworks -- pan-osThe management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.2016-04-1210.0CVE-2016-3655
CONFIRMpaloaltonetworks -- pan-osBuffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request.2016-04-1210.0CVE-2016-3657
CONFIRMpostgresql -- postgresqlThe (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page.2016-04-118.5CVE-2016-3065
CONFIRM
SECTRACK
CONFIRM
CONFIRMprepopulate_project -- prepopulateThe Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter.2016-04-087.5CVE-2016-3187
MISC
CONFIRM
CONFIRMprepopulate_project -- prepopulateThe _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, and consequently have unspecified impact, via unspecified vectors.2016-04-087.5CVE-2016-3188
MISC
CONFIRM
CONFIRMredhat -- openstackThe TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials.2016-04-117.5CVE-2015-5329
REDHATspip -- spipSPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.2016-04-087.5CVE-2016-3153
CONFIRM
CONFIRM
DEBIANspip -- spipThe encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.2016-04-087.5CVE-2016-3154
CONFIRM
CONFIRM
DEBIANBack to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- robohelpAdobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors.2016-04-125.0CVE-2016-1035
CONFIRMapache -- rangerCross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header.2016-04-114.3CVE-2015-0265
MLIST
CONFIRM
MISC
BIDapache -- rangerThe Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.2016-04-116.5CVE-2015-0266
MLIST
CONFIRM
MISC
BIDapache -- ofbizCross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the description attribute of a display-entity element.2016-04-124.3CVE-2015-3268
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
MISCapache -- rangerThe Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.2016-04-124.0CVE-2015-5167
MLIST
CONFIRM
BIDapache -- wicketCross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title.2016-04-124.3CVE-2015-5347
CONFIRM
SECTRACK
CONFIRMapache -- wicketMultiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element.2016-04-124.3CVE-2015-7520
SECTRACK
CONFIRMapache -- openmeetingsThe sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.2016-04-115.0CVE-2016-0783
CONFIRM
CONFIRM
BUGTRAQ
MISC
MISCapache -- openmeetingsDirectory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.2016-04-114.0CVE-2016-0784
CONFIRM
EXPLOIT-DB
CONFIRM
BUGTRAQ
MLIST
MISC
MISCapache -- strutsApache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.2016-04-124.3CVE-2016-2162
SECTRACK
CONFIRMapache -- openmeetingsCross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.2016-04-114.3CVE-2016-2163
CONFIRM
CONFIRM
BUGTRAQ
MISCapache -- openmeetingsThe (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.2016-04-115.0CVE-2016-2164
CONFIRM
CONFIRM
BUGTRAQ
MISCapache -- qpid_protonThe (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.2016-04-125.8CVE-2016-2166
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
MISCapache -- jetspeedThe User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.2016-04-116.4CVE-2016-2171
CONFIRM
MLIST
MISCapache -- strutsCross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.2016-04-124.3CVE-2016-4003
CONFIRM
SECTRACK
CONFIRMatlassian -- confluenceCross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check.2016-04-114.3CVE-2015-8398
BUGTRAQatlassian -- confluenceAtlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.2016-04-114.0CVE-2015-8399
BUGTRAQcacti -- cactiSQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.2016-04-126.5CVE-2016-3172
MLIST
MLIST
MISCcacti -- cactiSQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.2016-04-116.5CVE-2016-3659
FULLDISC
MISC
MISCcisco -- ip_interoperability_and_collaboration_systemCross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339.2016-04-084.3CVE-2016-1375
CISCOcisco -- unity_connectionCross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776.2016-04-124.3CVE-2016-1377
CISCOdhcpcd_project -- dhcpcdThe decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.2016-04-115.0CVE-2012-6698
CONFIRM
CONFIRM
MLIST
MLIST
DEBIANdhcpcd_project -- dhcpcdThe decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.2016-04-115.0CVE-2012-6699
CONFIRM
CONFIRM
MLIST
MLIST
DEBIANdhcpcd_project -- dhcpcdThe decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.2016-04-115.0CVE-2012-6700
CONFIRM
CONFIRM
MLIST
MLIST
DEBIANdjango -- djangoThe utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.2016-04-084.3CVE-2016-2512
CONFIRM
CONFIRM
REDHATdrupal -- drupalDrupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.2016-04-125.8CVE-2016-3164
CONFIRM
MLIST
MLIST
DEBIANdrupal -- drupalThe Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has "#access" set to FALSE in the server-side form definition.2016-04-125.0CVE-2016-3165
CONFIRM
MLIST
MLIST
DEBIANdrupal -- drupalCRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.2016-04-124.3CVE-2016-3166
CONFIRM
MLIST
MLIST
DEBIANdrupal -- drupalOpen redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter.2016-04-125.8CVE-2016-3167
CONFIRM
MLIST
MLIST
DEBIANdrupal -- drupalThe User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.2016-04-126.8CVE-2016-3169
CONFIRM
MLIST
MLIST
DEBIANdrupal -- drupalThe "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.2016-04-125.0CVE-2016-3170
CONFIRM
MLIST
MLIST
DEBIANdrupal -- drupalDrupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.2016-04-126.8CVE-2016-3171
CONFIRM
MLIST
MLIST
DEBIANfortinet -- fortiosThe Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login."2016-04-084.3CVE-2016-3978
SECTRACK
CONFIRM
FULLDISCgoogle -- kubernetesKubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.2016-04-115.0CVE-2015-7528
CONFIRM
CONFIRM
CONFIRM
REDHAT
REDHAThuawei -- policy_center_firmwareSQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases.2016-04-116.5CVE-2016-3675
CONFIRMhuawei -- e3276s_firmwareHuawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to a fake network.2016-04-115.8CVE-2016-3676
CONFIRMjasper_project -- jasperDouble free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.2016-04-136.8CVE-2016-1577
CONFIRM
UBUNTU
MLISTjasper_project -- jasperMemory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.2016-04-134.3CVE-2016-2116
CONFIRM
UBUNTU
MLISTlenovo -- emc_firmwareThe management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.1.204.33661 allows remote attackers to obtain sensitive device information via unspecified vectors.2016-04-115.0CVE-2015-8108
CONFIRMmantisbt -- mantisbtIncomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request.2016-04-115.0CVE-2014-9759
CONFIRM
CONFIRM
MLIST
MLISTmcafee -- advanced_threat_defenseMcAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process.2016-04-085.0CVE-2016-3983
CONFIRMmicrosoft -- windows_10The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK."2016-04-124.3CVE-2016-0128
MS
MISCmicrosoft -- edgeMicrosoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0161.2016-04-124.3CVE-2016-0158
MSmicrosoft -- edgeMicrosoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158.2016-04-124.3CVE-2016-0161
MSmicrosoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability."2016-04-124.3CVE-2016-0162
MSpaloaltonetworks -- pan-osThe GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request.2016-04-125.0CVE-2016-3656
CONFIRMpostgresql -- postgresqlPostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.2016-04-115.0CVE-2016-2193
CONFIRM
CONFIRM
CONFIRMpuppetlabs -- puppet_enterprisePuppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol.2016-04-116.5CVE-2015-7330
CONFIRM
SECTRACKqemu -- qemuStack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block.2016-04-114.3CVE-2015-5158
GENTOO
MLIST
SECTRACK
BIDredhat -- enterprise_linuxThe calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.2016-04-085.0CVE-2015-5229
CONFIRM
CONFIRM
CONFIRM
REDHATsamba -- sambaThe MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."2016-04-124.3CVE-2016-2118
CONFIRMsap -- java_asThe Java Startup Framework (aka jstart) in SAP JAVA AS 7.4 allows remote attackers to cause a denial of service via a crafted HTTP request, aka SAP Security Note 2259547.2016-04-085.0CVE-2016-3980
MISCsiemens -- scalance_s613Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443.2016-04-085.0CVE-2016-3963
CONFIRMsilverstripe -- silverstripeMultiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.2016-04-134.3CVE-2015-8606
CONFIRM
MLIST
MLIST
MLIST
FULLDISCzimbra -- zimbra_collaboration_serverMultiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.2016-04-086.8CVE-2015-6541
EXPLOIT-DB
CONFIRM
FULLDISCBack to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infodjango -- djangoThe password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.2016-04-082.6CVE-2016-2513
CONFIRM
CONFIRM
REDHATmicrosoft -- windows_10Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."2016-04-122.1CVE-2016-0089
MSmicrosoft -- windows_10Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."2016-04-122.1CVE-2016-0090
MSnovell -- leapThe mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.2016-04-082.1CVE-2015-5969
SUSE
CONFIRM
SUSE
SUSE
SUSEqemu -- qemuThe net_checksum_calculate function in net/checksum.c in QEMU allows guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.2016-04-112.1CVE-2016-2857
MLIST
MLIST
CONFIRMBack to top

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- creative_cloud_desktopThe Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspecified vectors.2016-04-12not yet calculatedCVE-2016-1034
CONFIRMandroid -- aosp_mailmail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185.2016-04-17not yet calculatedCVE-2016-2425
CONFIRM
CONFIRM
CONFIRMandroid -- autodiscoverexchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a GET request, aka internal bug 26488455.2016-04-17not yet calculatedCVE-2016-2415
CONFIRM
CONFIRMandroid -- bluetoothThe PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to bypass intended pairing restrictions via a crafted device, aka internal bug 26551752.2016-04-17not yet calculatedCVE-2016-0850
CONFIRM
CONFIRMandroid -- dhcpcddhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.2016-04-17not yet calculatedCVE-2016-1503
CONFIRM
CONFIRM
CONFIRMandroid -- download_managerRace condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054.2016-04-17not yet calculatedCVE-2016-0848
CONFIRM
CONFIRMandroid -- frameworkserver/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 26094635.2016-04-17not yet calculatedCVE-2016-2426
CONFIRM
CONFIRMandroid -- imemorylibs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992.2016-04-17not yet calculatedCVE-2016-0846
CONFIRM
CONFIRMandroid -- javaasn1/cms/GCMParameters.java in the Bouncy Castle Crypto APIs 1.54 for Java, as used in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, has an improper AES-GCM-ICVlen value, which makes it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568.2016-04-17not yet calculatedCVE-2016-2427
CONFIRM
CONFIRM
CONFIRMandroid -- libstagefrightThe H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142.2016-04-17not yet calculatedCVE-2016-0842
CONFIRM
CONFIRMandroid -- mediaserverAn unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548.2016-04-17not yet calculatedCVE-2016-0834
CONFIRMandroid -- mediaserverdecoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014.2016-04-17not yet calculatedCVE-2016-0835
CONFIRM
CONFIRM
CONFIRMandroid -- mediaserverlibs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via a dump request, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27046057.2016-04-17not yet calculatedCVE-2016-2416
CONFIRM
CONFIRM
CONFIRMandroid -- mediaservermedia/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455.2016-04-17not yet calculatedCVE-2016-2419
CONFIRM
CONFIRMandroid -- mediaservermedia/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474.2016-04-17not yet calculatedCVE-2016-2417
CONFIRM
CONFIRMandroid -- mediaservermedia/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627.2016-04-17not yet calculatedCVE-2016-2413
CONFIRM
CONFIRMandroid -- mediaservermedia/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358.2016-04-17not yet calculatedCVE-2016-2418
CONFIRM
CONFIRMandroid -- mediaservermedia/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840.2016-04-17not yet calculatedCVE-2016-0841
CONFIRM
CONFIRMandroid -- mediaserverMPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted media file, aka internal bug 27208621.2016-04-17not yet calculatedCVE-2016-0837
CONFIRM
CONFIRMandroid -- mediaserverMultiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350.2016-04-17not yet calculatedCVE-2016-0840
CONFIRM
CONFIRMandroid -- mediaserverpost_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25753245.2016-04-17not yet calculatedCVE-2016-0839
CONFIRM
CONFIRMandroid -- mediaserverSonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to arm-wt-22k/lib_src/eas_wtengine.c and arm-wt-22k/lib_src/eas_wtsynth.c, aka internal bug 26366256.2016-04-17not yet calculatedCVE-2016-0838
CONFIRM
CONFIRM
CONFIRMandroid -- mediaserverStack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590.2016-04-17not yet calculatedCVE-2016-0836
CONFIRM
CONFIRMandroid -- qualcommA Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053.2016-04-17not yet calculatedCVE-2016-2411
CONFIRMandroid -- qualcommA Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677.2016-04-17not yet calculatedCVE-2016-2410
CONFIRMandroid -- qualcomm_arm_processorThe Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197.2016-04-17not yet calculatedCVE-2016-0843
CONFIRMandroid -- qualcomm_rf_driverThe Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307.2016-04-17not yet calculatedCVE-2016-0844
CONFIRM
CONFIRMandroid -- recovery_procedureMultiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26960931.2016-04-17not yet calculatedCVE-2016-0849
CONFIRM
CONFIRMandroid -- rootdir/init.rcrootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620.2016-04-17not yet calculatedCVE-2016-2420
CONFIRM
CONFIRM
CONFIRMandroid -- setup_wizardSetup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26154410.2016-04-17not yet calculatedCVE-2016-2421
CONFIRMandroid -- skiainclude/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930.2016-04-17not yet calculatedCVE-2016-2412
CONFIRM
CONFIRMandroid -- syncstorageengineserver/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted application, aka internal bug 26513719.2016-04-17not yet calculatedCVE-2016-2424
CONFIRM
CONFIRMandroid -- telecom_componentThe Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502.2016-04-17not yet calculatedCVE-2016-0847
CONFIRM
CONFIRM
CONFIRMandroid -- telephonyserver/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26303187.2016-04-17not yet calculatedCVE-2016-2423
CONFIRM
CONFIRMandroid -- the_minikin_libraryThe Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot loop) via a crafted font, aka internal bug 26413177.2016-04-17not yet calculatedCVE-2016-2414
CONFIRM
CONFIRM
CONFIRM
CONFIRMandroid -- ti_haptic_kernal_driverA Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545.2016-04-17not yet calculatedCVE-2016-2409
CONFIRMandroid -- wi-fiWi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324357.2016-04-17not yet calculatedCVE-2016-2422
CONFIRM
CONFIRMapache -- camel-jettyApache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.2016-04-15not yet calculatedCVE-2015-5348
CONFIRM
BUGTRAQ
MISC
CONFIRMapache -- jetspeedCross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.2016-04-11 CVE-2016-0712
CONFIRM
MLISTapache -- jetspeedDirectory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."2016-04-11not yet calculatedCVE-2016-0709
EXPLOIT-DB
CONFIRM
MLIST
MISC
MISC
MISCapache -- jetspeedMultiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource.2016-04-11not yet calculatedCVE-2016-0711
CONFIRM
MLISTapache -- jetspeedMultiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.2016-04-11not yet calculatedCVE-2016-0710
EXPLOIT-DB
CONFIRM
MLIST
MISC
MISC
MISCapache -- rangerApache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.2016-04-11not yet calculatedCVE-2016-0735
MLISTapache -- rangerThe Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username.2016-04-12not yet calculatedCVE-2016-0733
MLIST
CONFIRM
CONFIRM
BIDapache -- subversion_mod_dav_svnInteger overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.2016-04-14not yet calculatedCVE-2015-5343
SECTRACK
DEBIAN
CONFIRMavast -- avastAvast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing.2016-04-11not yet calculatedCVE-2016-3986
EXPLOIT-DB
MISC
MISCbig-ip -- big-ipF5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration.2016-04-13not yet calculatedCVE-2016-2084
CONFIRM
SECTRACKbig-ip -- big-ipThe Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect.2016-04-13not yet calculatedCVE-2016-3686
CONFIRM
SECTRACKbig-ip -- traffic_management_microkernel_(tmm)The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options, which allows remote attackers to cause a denial of service via unspecified vectors, related to the tm.minpathmtu database variable.2016-04-11not yet calculatedCVE-2015-8240
CONFIRM
SECTRACKbig-ip_ltm -- configuration_utilityIncomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php.2016-04-12not yet calculatedCVE-2015-8021
CONFIRM
SECTRACKcacti -- auth_login.phpauth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.2016-04-13not yet calculatedCVE-2016-2313
CONFIRM
SUSE
SUSE
SUSE
CONFIRMcacti -- graphs_new.phpSQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.2016-04-11not yet calculatedCVE-2015-8604
SECTRACK
MLIST
MLIST
FULLDISC
MISC
MISCcisco -- iosCisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591.2016-04-13not yet calculatedCVE-2016-1378
CISCOcisco -- iosCisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548.2016-04-12not yet calculatedCVE-2016-1376
CISCOcisco -- ucsCisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.2016-04-13not yet calculatedCVE-2016-1352
CISCOcisco -- ucsCisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832.2016-04-15not yet calculatedCVE-2016-1339
CISCOcisco -- ucsHeap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename arguments, aka Bug ID CSCux68837.2016-04-15not yet calculatedCVE-2016-1340
CISCOcitrix -- administration_web_ui_servletsMultiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.2016-04-14not yet calculatedCVE-2015-7999
CONFIRMclaws_mail -- codeconv.cMultiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.2016-04-11not yet calculatedCVE-2015-8614
CONFIRM
MLIST
MLIST
CONFIRM
SUSE
CONFIRMdell -- openmanage_server_administrator_(omsa)Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.2016-04-12not yet calculatedCVE-2016-4004
EXPLOIT-DBdrupal -- drupalThe File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.2016-04-12not yet calculatedCVE-2016-3162
CONFIRM
MLIST
MLIST
DEBIANdrupal -- drupalThe XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.2016-04-12not yet calculatedCVE-2016-3163
CONFIRM
MLIST
MLIST
DEBIANdrupal -- block_class_moduleCross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name.2016-04-15not yet calculatedCVE-2016-3144
MISC
CONFIRMec-cube -- cyber-will_social-buttonCross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 for EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2016-04-08 CVE-2016-1180
CONFIRM
CONFIRM
JVNDB
JVNemc -- emcAn HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname.2016-04-15not yet calculatedCVE-2016-0889
BUGTRAQemc -- emcEMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.2016-04-12not yet calculatedCVE-2016-0887
BUGTRAQeset -- nod32Heap-based buffer overflow in the Archive support module in ESET NOD32 before update 11861 allows remote attackers to execute arbitrary code via a large number of languages in an EPOC installation file of type SIS_FILE_MULTILANG.2016-04-11not yet calculatedCVE-2015-8841
MISC
CONFIRM
MISCfoomatic -- foomatic-rip/filtersIncomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.2016-04-14not yet calculatedCVE-2015-8560
UBUNTU
UBUNTU
MLIST
MLIST
DEBIAN
CONFIRM
CONFIRMfoomatic -- rip/filtersHeap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.2016-04-15 not yet calculatedCVE-2010-5325
CONFIRM
CONFIRM
MLIST
MLIST
REDHAT
CONFIRMforman -- formanForeman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs.2016-04-11not yet calculatedCVE-2015-5233
REDHAT
CONFIRM
CONFIRMfoxit_reader -- foxit_cloud_update_serviceThe Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges by writing crafted data to a shared memory region, which triggers memory corruption.2016-04-13not yet calculatedCVE-2015-8843
CONFIRM
MISCfreebsd -- freebsdInteger signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.2016-04-11not yet calculatedCVE-2016-1885
EXPLOIT-DB
FREEBSD
SECTRACK
BUGTRAQ
BUGTRAQ
MISC
FULLDISC
FULLDISC
MISCgiflib -- giffix.cHeap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file.2016-04-13not yet calculatedCVE-2015-7555
BUGTRAQ
FULLDISC
MISC
FEDORAgit -- git-remote-extThe (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.2016-04-13not yet calculatedCVE-2015-7545
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
UBUNTU
MLIST
MLIST
MLIST
REDHAT
SUSEgoogle -- chromeCross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."2016-04-18not yet calculatedCVE-2016-1652
CONFIRM
CONFIRM
CONFIRMgoogle -- chromefxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document.2016-04-18not yet calculatedCVE-2016-1651
CONFIRM
CONFIRM
MISC
CONFIRMgoogle -- chromeGoogle Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.2016-04-18not yet calculatedCVE-2016-1655
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeMultiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2016-04-18not yet calculatedCVE-2016-1659
CONFIRM
CONFIRMgoogle -- chromeThe download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.2016-04-18not yet calculatedCVE-2016-1656
CONFIRM
CONFIRMgoogle -- chromeThe Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.2016-04-18not yet calculatedCVE-2016-1658
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeThe LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc.2016-04-18not yet calculatedCVE-2016-1653
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeThe media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.2016-04-18not yet calculatedCVE-2016-1654
CONFIRM
CONFIRMgoogle -- chromeThe WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.2016-04-18not yet calculatedCVE-2016-1657
CONFIRM
CONFIRM
CONFIRMhawk -- hawkHawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service (CPU consumption or partial outage) via a long (1) header or (2) URI that is matched against an improper regular expression.2016-04-13not yet calculatedCVE-2016-2515
MISC
CONFIRM
CONFIRM
CONFIRM
MLIST
MLISThorde_groupware -- horde_groupwareCross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.2016-04-13not yet calculatedCVE-2016-2228
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
MLIST
MLIST
FEDORA
FEDORA
CONFIRMhorde_groupware -- renderVarInpuCross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.2016-04-13not yet calculatedCVE-2015-8807
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
MLIST
MLIST
FEDORA
FEDORAhpe_universal_cmdb_foundation -- hpe_universal_cmdb_foundationHPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors.2016-04-12not yet calculatedCVE-2016-2001
HPhuawei -- campus_series_switchesMemory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information.2016-04-14not yet calculatedCVE-2015-8677
CONFIRMhuawei -- campus_series_switchesMemory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with software V200R001C00 before V200R001SPH023, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote attackers to cause a denial of service (memory consumption and reboot) via a large number of ICMPv6 packets.2016-04-14not yet calculatedCVE-2015-8676
CONFIRMhuawei -- fusioncomputeHuawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors.2016-04-14not yet calculatedCVE-2015-8336
CONFIRMhuawei -- huawei_utpsUntrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an unspecified directory.2016-04-13not yet calculatedCVE-2016-2780
CONFIRMhuawei -- p8_smartphonesThe Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access.2016-04-13not yet calculatedCVE-2015-8682
CONFIRMinspircd -- dns.cppThe DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.2016-04-12not yet calculatedCVE-2015-8702
CONFIRM
CONFIRM
CONFIRM
DEBIANipswitch -- moveit_file_transferIpswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files.2016-04-15not yet calculatedCVE-2015-7676
MISC
FULLDISC
MISCjuniper -- junos_osJuniper Junos OS 14.1X53 before 14.1X53-D30 on QFX Series switches allows remote attackers to cause a denial of service (PFE panic) via a high rate of unspecified VXLAN packets.2016-04-15not yet calculatedCVE-2016-1274
CONFIRMjuniper -- junos_osJuniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R9, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R8, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4-S1, 15.1 before 15.1R2, 15.1X49 before 15.1X49-D30, and 16.1 before 16.1R1 allow remote attackers to cause a denial of service (socket consumption) via crafted TCP timestamps.2016-04-15not yet calculatedCVE-2016-1269
CONFIRMjuniper -- junos_osJuniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D25, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.2 before 14.2R4, 15.1 before 15.1R1 or 15.1F2, and 15.1X49 before 15.1X49-D15 allow local users to gain privileges via crafted combinations of CLI commands and arguments, a different vulnerability than CVE-2015-3003, CVE-2014-3816, and CVE-2014-0615.2016-04-15not yet calculatedCVE-2016-1271
CONFIRMjuniper -- junos_osJuniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x before 15.1X53-D20 on QFX5100 and QFX10002 switches do not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic encryption and authentication protection mechanisms via unspecified vectors.2016-04-15not yet calculatedCVE-2016-1273
CONFIRMjuniper -- junos_osRace condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 12.3X50 before 12.3X50-D50, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.2X52 before 13.2X52-D30, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4, 15.1 before 15.1F2 or 15.1R2, 15.1X49 before 15.1X49-D10 or 15.1X49-D20, and 16.1 before 16.1R1 allows remote authenticated users to gain privileges via the URL option.2016-04-15not yet calculatednot yet calculatedCVE-2016-1264
CONFIRMjuniper -- junos_osRace condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R3-S4, 15.1 before 15.1F2, or 15.1R2, 15.1X49 before 15.1X49-D20, and 16.1 before 16.1R1 allows local users to read, delete, or modify arbitrary files via unspecified vectors.2016-04-15not yet calculatedCVE-2016-1267
CONFIRMjuniper -- junos_osThe rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R6, 14.1 before 14.1R4, and 14.2 before 14.2R2, when configured with BGP-based L2VPN or VPLS, allows remote attackers to cause a denial of service (daemon restart) via a crafted L2VPN family BGP update.2016-04-15not yet calculatedCVE-2016-1270
CONFIRMjuniper -- screenosThe administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet.2016-04-15not yet calculatedCVE-2016-1268
CONFIRMlibpng -- pngwutil.cInteger underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.2016-04-14not yet calculatedCVE-2015-8540
BID
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
FEDORAlibssh -- libsshlibssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."2016-04-13not yet calculatedCVE-2016-0739
CONFIRM
CONFIRM
UBUNTU
DEBIAN
REDHAT
FEDORA
FEDORAlibssh -- package_cb.cThe (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.2016-04-13not yet calculatedCVE-2015-3146
CONFIRM
CONFIRM
CONFIRM
UBUNTU
DEBIAN
FEDORA
FEDORAlibssh2 -- kex.cThe diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."2016-04-13not yet calculatedCVE-2016-0787
CONFIRM
CONFIRM
DEBIAN
SUSE
FEDORA
FEDORAlibtiff -- nextdecodeThe (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.2016-04-13not yet calculatedCVE-2014-9655
DEBIAN
MLISTlibtiff -- pillowBuffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.2016-04-13not yet calculatedCVE-2016-0775
CONFIRM
CONFIRM
DEBIANlibtiff -- pillowBuffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.2016-04-13not yet calculatedCVE-2016-0740
CONFIRM
CONFIRM
DEBIANlibtiff -- pillowOpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.2016-04-13not yet calculatedCVE-2016-0757
CONFIRM
REDHATlibtiff -- tif_getimage.cThe putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.2016-04-13not yet calculatedCVE-2015-8683
MLIST
MLIST
DEBIANlibtiff -- tif_getimage.ctif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.2016-04-13not yet calculatedCVE-2015-8665
MLIST
MLIST
DEBIANlibtiff -- tif_next.cThe NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.2016-04-13not yet calculatedCVE-2015-8784
CONFIRM
MLIST
MLIST
DEBIAN
CONFIRMlibtiff -- tif_next.cThe NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.2016-04-13not yet calculatedCVE-2015-1547
DEBIAN
MLIST
MLISTlibvirt -- storage/storage_backend_fs.cDirectory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.2016-04-11not yet calculatedCVE-2015-5313
MLIST
CONFIRM
FEDORA
CONFIRMlibvirt -- virstoragevolcreatexmlThe virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.2016-04-14not yet calculatedCVE-2015-5247
UBUNTU
CONFIRMlibvirt-- networkreloadiptablesrulesThe networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.2016-04-14not yet calculatedCVE-2011-4600
CONFIRM
UBUNTU
CONFIRM
CONFIRMlibxml2 -- dict.cdict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.2016-04-13not yet calculatedCVE-2015-8806
MISC
BID
MLISTlibxml2 -- htmlparser.cThe htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.2016-04-11not yet calculatedCVE-2015-8710
MISC
CONFIRM
CONFIRM
BID
MLIST
MLIST
MLIST
DEBIANmagento_enterprise_edition -- getorderbystatusurlkeyThe getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status.2016-04-15not yet calculatedCVE-2016-2212
CONFIRM
BUGTRAQ
FULLDISC
MISC
MISCmcafee -- mcafeeThe McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.2016-04-08not yet calculatedCVE-2016-3984
EXPLOIT-DB
CONFIRM
SECTRACK
FULLDISC
MISCmercurial -- mercurialMercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.2016-04-13not yet calculatedCVE-2016-3068
CONFIRM
CONFIRM
DEBIAN
SUSE
SUSE
SUSE
FEDORA
FEDORAmercurial -- mercurialMercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.2016-04-13not yet calculatedCVE-2016-3069
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
SUSE
SUSE
SUSE
FEDORA
FEDORAmercurial -- mercurialThe binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.2016-04-13not yet calculatedCVE-2016-3630
CONFIRM
CONFIRM
CONFIRM
DEBIAN
SUSE
SUSE
SUSE
FEDORA
FEDORAmod_auth_mellon -- am_read_postThe am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data.2016-04-15not yet calculatedCVE-2016-2145
MLIST
CONFIRM
FEDORAmod_auth_mellon -- am_read_postThe am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.2016-04-15not yet calculatedCVE-2016-2146
MLIST
CONFIRM
FEDORAnvidia -- the_escape_interfaceThe Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access.2016-04-12not yet calculatedCVE-2016-2557
CONFIRM
CONFIRMnvidia -- the_escape_interfaceThe Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or gain privileges via unspecified vectors related to an untrusted pointer, which trigger uninitialized or out-of-bounds memory access.2016-04-12not yet calculatedCVE-2016-2558
CONFIRM
CONFIRMnvidia -- the_escape_interfaceThe Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors.2016-04-12not yet calculatedCVE-2016-2556
CONFIRM
CONFIRMopenstack_compute -- libvirt_driverThe libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.2016-04-12not yet calculatedCVE-2016-2140
CONFIRM
CONFIRM
MLISTopensuse -- opensuseMultiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."2016-04-13not yet calculatedCVE-2016-4007
CONFIRM
SUSEoptipng -- bmp_read_rowsThe bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.2016-04-13not yet calculatedCVE-2016-2191
CONFIRM
BUGTRAQ
MLIST
DEBIAN
FULLDISC
MISCoptipng -- optipngHeap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.2016-04-13not yet calculatedCVE-2016-3981
CONFIRM
DEBIAN
MISCoptipng -- optipngOff-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.2016-04-13not yet calculatedCVE-2016-3982
CONFIRM
DEBIAN
MISCpalo_alto_networks -- pan-osThe device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter.2016-04-12not yet calculatedCVE-2016-3654
CONFIRMpillow -- pillowBuffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.2016-04-13not yet calculatedCVE-2016-2533
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
DEBIANpillow -- pillowInteger overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.2016-04-13not yet calculatedCVE-2016-4009
CONFIRM
CONFIRM
CONFIRMpixman -- pixman-bits-image.cInteger overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values.2016-04-13not yet calculatedCVE-2014-9766
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
UBUNTU
MLIST
MLISTpulse -- connect_secureThe Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors.2016-04-11not yet calculatedCVE-2016-3985
CONFIRM
SECTRACKqemu -- qemuUse-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.2016-04-11not yet calculatedCVE-2016-1568
SECTRACK
MLIST
MLIST
CONFIRMredis -- getnum_functionInteger overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.2016-04-13not yet calculatedCVE-2015-8080
CONFIRM
CONFIRM
MISC
MLIST
MLIST
DEBIAN
REDHAT
REDHATredmine -- app/controllers/application_controller.rbOpen redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by "@attacker.com," a different vulnerability than CVE-2014-1985.2016-04-12not yet calculatedCVE-2015-8474
CONFIRM
CONFIRM
BID
CONFIRM
DEBIANredmine -- app/views/journals/index.builderapp/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.2016-04-12not yet calculatedCVE-2015-8537
CONFIRM
CONFIRM
DEBIANredmine -- app/views/timelog/_form.html.erbapp/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.2016-04-12not yet calculatedCVE-2015-8346
CONFIRM
CONFIRM
CONFIRM
DEBIANredmine -- issues_apiThe Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.2016-04-12not yet calculatedCVE-2015-8473
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BID
DEBIANred_hat -- satelliteMultiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do.2016-04-14not yet calculatedCVE-2016-2103
CONFIRM
REDHATred_hat -- spacewalk/red_hat_satelliteMultiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).2016-04-14not yet calculatedCVE-2016-3079
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
REDHATred_hat_cloudforms -- postgresql_databaseRed Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.2016-04-11not yet calculatedCVE-2015-7502
CONFIRM
REDHAT
REDHATroundup -- schema.pyschema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.2016-04-13not yet calculatedCVE-2014-6276
CONFIRM
DEBIAN
CONFIRMsaltstack -- salt_2015Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.2016-04-12not yet calculatedCVE-2016-1866
CONFIRM
SUSEsap -- netweaver_java_asThe Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.2016-04-14not yet calculatedCVE-2016-4015
MISC
MISCsap -- netweaver_java_asXML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service via a crafted XML request, aka SAP Security Note 2254389.2016-04-14not yet calculatedCVE-2016-4014
MISC
MISCsap -- sap_hanaThe Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.2016-04-14not yet calculatedCVE-2016-4017
MISCsap -- sap_hanaThe Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742.2016-04-14not yet calculatedCVE-2016-4018
MISCsap -- sap_manufacturing_integration_and_intelligence_(mii)Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) allows remote attackers to inject arbitrary web script or HTML via vectors related to UR Control, aka SAP Security Note 2201295.2016-04-14not yet calculatedCVE-2016-4016
MISC
MISCspacewalk_and_red_hat_satellite -- spacewalk-javaCross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.2016-04-14not yet calculatedCVE-2015-0284
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
REDHATtrend_micro -- password_managerThe HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.2016-04-11not yet calculatedCVE-2016-3987
EXPLOIT-DB
MISC
SECTRACK
MISC
CONFIRMtripleo_heat -- tripleo-heat-templatesThe TripleO Heat templates (tripleo-heat-templates) does not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.2016-04-15not yet calculatedCVE-2015-5271
CONFIRM
CONFIRM
CONFIRM
REDHATtripleo_heat -- tripleo-heat-templatesThe TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.2016-04-11not yet calculatedCVE-2015-5303
CONFIRM
REDHATtrytond -- model/modelstorage.pymodel/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.2016-04-13not yet calculatedCVE-2015-0861
CONFIRM
CONFIRM
DEBIANvmware -- vcenter_serverClient Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.2016-04-15not yet calculatedCVE-2016-2076
CONFIRMxen -- xenBuffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path."2016-04-14not yet calculatedCVE-2015-8554
CONFIRM
SECTRACK
BID
CONFIRMxen -- xenThe fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.2016-04-13not yet calculatedCVE-2016-3159
CONFIRM
CONFIRM
SECTRACK
FEDORA
FEDORAxen -- xenThe PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."2016-04-13not yet calculatedCVE-2015-8552
CONFIRM
SECTRACK
BIDxen -- xenThe PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."2016-04-13not yet calculatedCVE-2015-8551
CONFIRM
SECTRACK
BIDxen -- xenThe xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.2016-04-13not yet calculatedCVE-2016-3158
CONFIRM
CONFIRM
CONFIRM
SECTRACK
FEDORA
FEDORAxen -- xenThe __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows guest local OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.2016-04-12not yet calculatedCVE-2016-3157
CONFIRMxen -- xenXen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.2016-04-13not yet calculatedCVE-2015-8553
CONFIRMxen -- xenXen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.2016-04-14not yet calculatedCVE-2015-8550
CONFIRM
SECTRACK
BIDxen -- xsave/xrstorXen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.2016-04-13not yet calculatedCVE-2015-8555
CONFIRM
SECTRACK
BID
CONFIRMxen_linux_kernel -- xen_linux_kernelXen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.2016-04-15not yet calculatedCVE-2016-3961
CONFIRM
CONFIRM
SECTRACKxymon -- xymonlib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.2016-04-13not yet calculatedCVE-2016-2057
CONFIRM
BUGTRAQ
DEBIAN
MISCxymon -- xymonMultiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" command.2016-04-13 CVE-2016-2054
CONFIRM
CONFIRM
BUGTRAQ
DEBIAN
MISC
MLISTxymon -- xymonMultiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the "status" page.2016-04-13not yet calculatedCVE-2016-2058
CONFIRM
BUGTRAQ
DEBIAN
MISCxymon -- xymonxymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.2016-04-13not yet calculatedCVE-2016-2056
CONFIRM
BUGTRAQ
DEBIAN
MISCxymon -- xymonxymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command.2016-04-13not yet calculatedCVE-2016-2055
CONFIRM
BUGTRAQ
DEBIAN
MISCBack to top

This product is provided subject to this Notification and this Privacy & Use policy.


http://www.us-cert.gov/ncas/bulletins/SB16-109

Categories:
Tags:

[D] [Digg] [FB] [R] [SU] [Tweet] [G]

NEWSMAIL