2016 VULNERABILITY DATABASE
CVE-2016-2850
Summary: Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
Published: 5/13/2016 10:59:11 AM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-2849
Summary: Botan before 1.10.13 and 1.11.x before 1.11.29 does not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.
Published: 5/13/2016 10:59:10 AM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-2196
Summary: Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrite and crash) or execute arbitrary code via unspecified vectors.
Published: 5/13/2016 10:59:09 AM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 10.0 HIGH
CVE-2016-2195
Summary: Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.
Published: 5/13/2016 10:59:08 AM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 10.0 HIGH
CVE-2016-2194
Summary: The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.
Published: 5/13/2016 10:59:07 AM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-2099
Summary: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier does not properly handle exceptions raised in the XMLReader class, which allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.
Published: 5/13/2016 10:59:06 AM
CVE-2016-1580
Summary: The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core."
Published: 5/13/2016 10:59:05 AM
CVE-2016-1578
Summary: Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests.
Published: 5/13/2016 10:59:04 AM
CVE-2015-7827
Summary: Botan before 1.10.13 and 1.11.x before 1.11.22 makes it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
Published: 5/13/2016 10:59:03 AM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2015-5727
Summary: The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.
Published: 5/13/2016 10:59:02 AM
CVSS Severity: v3 - 7.5 HIGH v2 - 7.8 HIGH
CVE-2015-5726
Summary: The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.
Published: 5/13/2016 10:59:01 AM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2014-9742
Summary: The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group.
Published: 5/13/2016 10:59:00 AM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2010-5326
Summary: The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack.
Published: 5/13/2016 6:59:00 AM
CVE-2016-4499
Summary: Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors.
Published: 5/11/2016 9:59:14 PM
CVSS Severity: v3 - 4.2 MEDIUM v2 - 4.4 MEDIUM
CVE-2016-4498
Summary: Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Published: 5/11/2016 9:59:13 PM
CVSS Severity: v3 - 5.5 MEDIUM v2 - 6.8 MEDIUM
CVE-2016-4497
Summary: Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
Published: 5/11/2016 9:59:12 PM
CVSS Severity: v3 - 4.2 MEDIUM v2 - 6.8 MEDIUM
CVE-2016-4496
Summary: Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow.
Published: 5/11/2016 9:59:11 PM
CVSS Severity: v3 - 4.2 MEDIUM v2 - 4.4 MEDIUM
CVE-2016-1393
Summary: SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175.
Published: 5/11/2016 9:59:10 PM
CVSS Severity: v3 - 7.1 HIGH v2 - 6.5 MEDIUM
CVE-2016-3712
Summary: Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
Published: 5/11/2016 5:59:02 PM
CVSS Severity: v3 - 5.5 MEDIUM v2 - 2.1 LOW
CVE-2016-3710
Summary: The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS users to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
Published: 5/11/2016 5:59:01 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 7.2 HIGH