CVE-2016-1429
Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023.
Source: CVE-2016-1429
[월:] 2016년 08월
CVE-2015-6397 (rv110w_wireless-n_vpn_firewall_firmware, rv130w_wireless-n_multifunction_vpn_router_firmware, rv215w_wireless-n_vpn_router_firmware)
CVE-2015-6397 (rv110w_wireless-n_vpn_firewall_firmware, rv130w_wireless-n_multifunction_vpn_router_firmware, rv215w_wireless-n_vpn_router_firmware)
Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557.
CVE-2015-6397
CVE-2015-6397
Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557.
Source: CVE-2015-6397
CVE-2015-6396 (rv110w_wireless-n_vpn_firewall_firmware, rv130w_wireless-n_multifunction_vpn_router_firmware, rv215w_wireless-n_vpn_router_firmware)
CVE-2015-6396 (rv110w_wireless-n_vpn_firewall_firmware, rv130w_wireless-n_multifunction_vpn_router_firmware, rv215w_wireless-n_vpn_router_firmware)
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
CVE-2015-6396
CVE-2015-6396
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
Source: CVE-2015-6396
CVE-2016-6515 (openssh)
CVE-2016-6515 (openssh)
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
Source: CVE-2016-6515 (openssh)
CVE-2016-6515
CVE-2016-6515
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
Source: CVE-2016-6515
CVE-2016-5340 (linux_kernel)
CVE-2016-5340 (linux_kernel)
The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.
Source: CVE-2016-5340 (linux_kernel)
CVE-2016-5340
CVE-2016-5340
The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.
Source: CVE-2016-5340
CVE-2016-2065 (linux_kernel)
CVE-2016-2065 (linux_kernel)
sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer.
Source: CVE-2016-2065 (linux_kernel)