# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2016-8279 | 284 | | DoS | 2016-09-26 | 2016-12-02 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application. |
2 | CVE-2016-7568 | 190 | | DoS Overflow | 2016-09-28 | 2019-03-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls. |
3 | CVE-2016-7549 | | | DoS | 2016-09-25 | 2018-01-05 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message. |
4 | CVE-2016-7498 | 399 | | DoS | 2016-09-27 | 2023-02-12 | 6.8 | None | Remote | Low | ??? | None | None | Complete |
OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression. |
5 | CVE-2016-7444 | 264 | | Bypass | 2016-09-27 | 2018-01-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. |
6 | CVE-2016-7420 | 200 | | +Info | 2016-09-16 | 2016-11-28 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump. |
7 | CVE-2016-7419 | 79 | | XSS | 2016-09-17 | 2017-04-07 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name. |
8 | CVE-2016-7418 | 119 | | DoS Overflow | 2016-09-17 | 2018-05-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. |
9 | CVE-2016-7417 | 20 | | DoS | 2016-09-17 | 2018-05-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data. |
10 | CVE-2016-7416 | 119 | | DoS Overflow | 2016-09-17 | 2018-05-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument. |
11 | CVE-2016-7415 | 119 | | DoS Overflow | 2016-09-17 | 2019-04-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string. |
12 | CVE-2016-7414 | 119 | | DoS Overflow | 2016-09-17 | 2018-05-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c. |
13 | CVE-2016-7413 | 416 | | DoS | 2016-09-17 | 2018-05-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call. |
14 | CVE-2016-7412 | 119 | | DoS Overflow | 2016-09-17 | 2018-05-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata. |
15 | CVE-2016-7411 | 119 | | DoS Overflow Mem. Corr. | 2016-09-17 | 2017-07-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object. |
16 | CVE-2016-7395 | 19 | | DoS | 2016-09-11 | 2017-01-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data. |
17 | CVE-2016-7191 | 287 | | Bypass | 2016-09-28 | 2017-07-30 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token. |
18 | CVE-2016-7180 | 416 | | DoS | 2016-09-09 | 2016-09-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. |
19 | CVE-2016-7179 | 119 | | DoS Overflow | 2016-09-09 | 2016-09-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet. |
20 | CVE-2016-7178 | 787 | | DoS | 2016-09-09 | 2016-09-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet. |
21 | CVE-2016-7177 | 119 | | DoS Overflow | 2016-09-09 | 2016-09-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. |
22 | CVE-2016-7176 | 119 | | DoS Overflow | 2016-09-09 | 2016-09-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. |
23 | CVE-2016-7175 | 125 | | DoS | 2016-09-09 | 2016-09-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. |
24 | CVE-2016-7166 | 399 | | DoS | 2016-09-21 | 2019-12-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. |
25 | CVE-2016-7163 | 190 | | Exec Code Overflow | 2016-09-21 | 2022-04-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. |
26 | CVE-2016-7162 | 20 | | | 2016-09-26 | 2021-04-14 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. |
27 | CVE-2016-7154 | 416 | | DoS Exec Code +Info | 2016-09-21 | 2017-04-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number. |
28 | CVE-2016-7153 | 200 | | +Info | 2016-09-06 | 2017-02-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. |
29 | CVE-2016-7152 | 200 | | +Info | 2016-09-06 | 2017-02-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. |
30 | CVE-2016-7143 | 285 | | | 2016-09-21 | 2016-11-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. |
31 | CVE-2016-7142 | 264 | | | 2016-09-26 | 2020-09-14 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message. |
32 | CVE-2016-7134 | 119 | | DoS Overflow | 2016-09-12 | 2017-08-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call. |
33 | CVE-2016-7133 | 190 | | DoS Overflow | 2016-09-12 | 2017-07-01 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname. |
34 | CVE-2016-7132 | 476 | | DoS | 2016-09-12 | 2020-11-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing. |
35 | CVE-2016-7131 | 476 | | DoS | 2016-09-12 | 2020-11-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character. |
36 | CVE-2016-7130 | 476 | | DoS | 2016-09-12 | 2018-01-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document. |
37 | CVE-2016-7129 | 20 | | DoS | 2016-09-12 | 2018-01-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document. |
38 | CVE-2016-7128 | 200 | | +Info | 2016-09-12 | 2018-01-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. |
39 | CVE-2016-7127 | 787 | | DoS | 2016-09-12 | 2018-01-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments. |
40 | CVE-2016-7126 | 787 | | DoS | 2016-09-12 | 2020-11-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument. |
41 | CVE-2016-7125 | 74 | | | 2016-09-12 | 2018-01-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection. |
42 | CVE-2016-7124 | 502 | | DoS | 2016-09-12 | 2018-01-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call. |
43 | CVE-2016-7123 | 352 | | CSRF | 2016-09-02 | 2017-07-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators. |
44 | CVE-2016-7114 | 287 | | | 2016-09-06 | 2018-03-23 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful. |
45 | CVE-2016-7113 | 399 | | | 2016-09-06 | 2018-03-23 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 80/tcp could cause the affected device to go into defect mode. |
46 | CVE-2016-7112 | 287 | | | 2016-09-06 | 2018-03-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. |
47 | CVE-2016-7110 | 94 | | Exec Code | 2016-09-07 | 2016-09-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109. |
48 | CVE-2016-7109 | 94 | | Exec Code | 2016-09-07 | 2016-09-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110. |
49 | CVE-2016-7108 | 200 | | +Info | 2016-09-07 | 2016-09-08 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors. |
50 | CVE-2016-7107 | 284 | | | 2016-09-07 | 2016-09-08 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors. |