CVE-2016-7090 (scalance_m-800_firmware, scalance_s615_firmware)

The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Source: CVE-2016-7090 (scalance_m-800_firmware, scalance_s615_firmware)

CVE-2016-7568

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

Source: CVE-2016-7568