CVE-2016-2208 (anti-virus_engine)
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.
CVE-2016-4480 (xen)
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
Source: CVE-2016-4480 (xen)
CVE-2016-4480
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
Source: CVE-2016-4480
CVE-2016-2077 (player, workstation)
VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.
CVE-2016-2077
VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.
Source: CVE-2016-2077
CVE-2016-0731 (ambari)
The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.
Source: CVE-2016-0731 (ambari)
CVE-2016-0707 (ambari)
The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories.
Source: CVE-2016-0707 (ambari)
CVE-2016-4425 (jansson)
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.
Source: CVE-2016-4425 (jansson)
CVE-2016-4425
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.
Source: CVE-2016-4425
CVE-2016-3727 (jenkins)
The API URL computer/(master)/api/xml in CloudBees Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Source: CVE-2016-3727 (jenkins)