Vulnerability Summary for the Week of January 9, 2017
Released
Jan 16, 2017
Document ID
SB17-016
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing a malformed cross-reference table. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2939 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing JPEG 2000 files. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2940 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing Compact Font Format data. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2941 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when processing TIFF image data. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2942 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing tags in TIFF images. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2943 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when parsing crafted TIFF image files. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2944 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing TIFF image files. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2945 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing the segment for storing non-graphic information. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2946 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the XFA engine. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2948 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2949 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2950 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2951 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the image conversion module related to parsing tags in TIFF files. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2952 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when processing a TIFF image. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2953 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when handling malformed TIFF images. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2954 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2955 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to manipulation of the navigation pane. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2956 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to collaboration functionality. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2957 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2958 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to parsing of color profile metadata. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2959 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of EXIF metadata. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2960 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to validation functionality. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2961 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable type confusion vulnerability in the XSLT engine related to localization functionality. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2962 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to handling of the color profile in a TIFF file. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2963 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to the parsing of JPEG EXIF metadata. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2964 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to TIFF file parsing. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2965 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine related to parsing malformed TIFF segments. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2966 BID CONFIRM |
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2967 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 10.0 | CVE-2017-2925 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 10.0 | CVE-2017-2926 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 10.0 | CVE-2017-2927 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 10.0 | CVE-2017-2928 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 10.0 | CVE-2017-2930 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 10.0 | CVE-2017-2931 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 10.0 | CVE-2017-2932 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 10.0 | CVE-2017-2933 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 10.0 | CVE-2017-2934 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 10.0 | CVE-2017-2935 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 10.0 | CVE-2017-2936 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 10.0 | CVE-2017-2937 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections. | 2017-01-10 | 7.5 | CVE-2017-2938 BID CONFIRM |
| bluestacks -- bluestacks | A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions that allows users to execute arbitrary programs with SYSTEM privileges. | 2017-01-06 | 7.2 | CVE-2016-4288 Miscellaneous MISC |
| call-cc -- chicken | The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released). | 2017-01-10 | 7.5 | CVE-2016-6830 MLIST BID |
| codeigniter -- codeigniter | system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. | 2017-01-12 | 7.5 | CVE-2016-10131 MISC MISC MISC |
| eclinicalworks -- population_health | eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input. | 2017-01-10 | 7.5 | CVE-2015-4592 MISC BUGTRAQ EXPLOIT-DB |
| eclinicalworks -- population_health | eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID. | 2017-01-10 | 7.5 | CVE-2015-4594 MISC BUGTRAQ EXPLOIT-DB |
| exponentcms -- exponent_cms | Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution. | 2017-01-12 | 7.5 | CVE-2016-7790 MLIST BID |
| exponentcms -- exponent_cms | Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code execution. | 2017-01-12 | 7.5 | CVE-2016-7791 MLIST BID |
| google -- android | An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350755. References: MT-ALPS02961424. | 2017-01-12 | 9.3 | CVE-2016-6784 CONFIRM |
| lexmark -- perceptive_document_filters | An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could potentially be leveraged by an attacker to gain arbitrary code execution. | 2017-01-06 | 7.5 | CVE-2016-4336 MISC |
| libtiff -- libtiff | LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. | 2017-01-12 | 7.5 | CVE-2017-5225 CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30740545. References: QC-CR#1065916. | 2017-01-12 | 7.6 | CVE-2016-6755 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252384. References: QC-CR#1071809. | 2017-01-12 | 7.6 | CVE-2016-6791 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. References: QC-CR#1072166. | 2017-01-12 | 7.6 | CVE-2016-8391 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31385862. References: QC-CR#1073136. | 2017-01-12 | 7.6 | CVE-2016-8392 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31911920. | 2017-01-12 | 7.6 | CVE-2016-8393 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913197. | 2017-01-12 | 7.6 | CVE-2016-8394 CONFIRM |
| linux -- linux_kernel | A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the device. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: Kernel-3.10. Android ID: A-31403040. References: N-CVE-2016-8395. | 2017-01-12 | 7.1 | CVE-2016-8395 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935. | 2017-01-12 | 7.6 | CVE-2016-8399 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31225246. References: QC-CR#1071891. | 2017-01-12 | 7.6 | CVE-2016-8412 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596. | 2017-01-12 | 7.6 | CVE-2016-8415 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31606947. References: N-CVE-2016-8424. | 2017-01-12 | 9.3 | CVE-2016-8424 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31797770. References: N-CVE-2016-8425. | 2017-01-12 | 9.3 | CVE-2016-8425 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799206. References: N-CVE-2016-8426. | 2017-01-12 | 9.3 | CVE-2016-8426 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799885. References: N-CVE-2016-8427. | 2017-01-12 | 9.3 | CVE-2016-8427 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31993456. References: N-CVE-2016-8428. | 2017-01-12 | 9.3 | CVE-2016-8428 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32160775. References: N-CVE-2016-8429. | 2017-01-12 | 9.3 | CVE-2016-8429 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32225180. References: N-CVE-2016-8430. | 2017-01-12 | 9.3 | CVE-2016-8430 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431. | 2017-01-12 | 9.3 | CVE-2016-8431 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32447738. References: N-CVE-2016-8432. | 2017-01-12 | 9.3 | CVE-2016-8432 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32125137. References: QC-CR#1081855. | 2017-01-12 | 9.3 | CVE-2016-8434 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435. | 2017-01-12 | 9.3 | CVE-2016-8435 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32450261. References: QC-CR#1007860. | 2017-01-12 | 9.3 | CVE-2016-8436 CONFIRM |
| linux -- linux_kernel | Possible buffer overflow in the hypervisor. Inappropriate usage of a static array could lead to a buffer overrun. Product: Android. Versions: Kernel 3.18. Android ID: A-31625904. References: QC-CR#1027769. | 2017-01-12 | 7.2 | CVE-2016-8441 CONFIRM |
| linux -- linux_kernel | Possible unauthorized memory access in the hypervisor. Lack of input validation could allow hypervisor memory to be accessed by the HLOS. Product: Android. Versions: Kernel 3.18. Android ID: A-31625910. QC-CR#1038173. | 2017-01-12 | 7.2 | CVE-2016-8442 CONFIRM |
| linux -- linux_kernel | Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185. | 2017-01-12 | 7.2 | CVE-2016-8443 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31243641. References: QC-CR#1074310. | 2017-01-12 | 7.6 | CVE-2016-8444 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31798848. References: N-CVE-2016-8449. | 2017-01-12 | 7.6 | CVE-2016-8449 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32450563. References: QC-CR#880388. | 2017-01-12 | 7.6 | CVE-2016-8450 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32506396. References: QC-CR#1050323. | 2017-01-12 | 7.6 | CVE-2016-8452 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-24739315. References: B-RB#73392. | 2017-01-12 | 7.6 | CVE-2016-8453 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32174590. References: B-RB#107142. | 2017-01-12 | 7.6 | CVE-2016-8454 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32219121. References: B-RB#106311. | 2017-01-12 | 9.3 | CVE-2016-8455 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219255. References: B-RB#105580. | 2017-01-12 | 7.6 | CVE-2016-8456 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219453. References: B-RB#106116. | 2017-01-12 | 7.6 | CVE-2016-8457 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31968442. | 2017-01-12 | 7.6 | CVE-2016-8458 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29000183. References: B-RB#106314. | 2017-01-12 | 7.6 | CVE-2016-8464 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32474971. References: B-RB#106053. | 2017-01-12 | 7.6 | CVE-2016-8465 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31822524. References: B-RB#105268. | 2017-01-12 | 7.6 | CVE-2016-8466 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in Binder could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.18. Android ID: A-32394425. | 2017-01-12 | 7.6 | CVE-2016-8468 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402548. | 2017-01-12 | 7.6 | CVE-2017-0403 CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32510733. | 2017-01-12 | 7.6 | CVE-2017-0404 CONFIRM |
| memcached -- memcached | An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | 2017-01-06 | 7.5 | CVE-2016-8704 BID MISC |
| memcached -- memcached | Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | 2017-01-06 | 7.5 | CVE-2016-8705 BID MISC |
| microsoft -- windows_vista | The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability." | 2017-01-10 | 7.8 | CVE-2017-0004 MS BID |
| microsoft -- word | Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | 2017-01-10 | 9.3 | CVE-2017-0003 MS BID |
| php -- php | In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. | 2017-01-11 | 7.5 | CVE-2016-7479 MISC MISC BID MISC MISC |
| php -- php | The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. | 2017-01-11 | 7.5 | CVE-2016-7480 MISC MISC MISC BID MISC MISC MISC |
| php -- php | Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. | 2017-01-11 | 7.5 | CVE-2017-5340 BID CONFIRM CONFIRM |
| pidgin -- pidgin | Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure. | 2017-01-06 | 7.5 | CVE-2016-2368 DEBIAN CONFIRM BID MISC UBUNTU |
| pivotal_software -- gemfire_for_pivotal_cloud_foundry | An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster. | 2017-01-06 | 7.5 | CVE-2016-9885 BID CONFIRM |
| python_software_foundation -- hpack | A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine. | 2017-01-10 | 7.8 | CVE-2016-6581 BID CONFIRM |
| ruby-lang -- ruby | Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution. | 2017-01-06 | 7.5 | CVE-2016-2336 MISC |
| ruby-lang -- ruby | Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution. | 2017-01-06 | 7.5 | CVE-2016-2337 MISC |
| ruby-lang -- ruby | An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow. | 2017-01-06 | 7.5 | CVE-2016-2339 MISC |
| samsung -- samsung_mobile | Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917. | 2017-01-09 | 7.1 | CVE-2017-5217 CONFIRM BID |
| samsung -- samsung_mobile | Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650. | 2017-01-12 | 7.8 | CVE-2017-5351 CONFIRM |
| splunk -- splunk | Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840. | 2017-01-10 | 10.0 | CVE-2016-10126 CONFIRM |
| trane -- comfortlink_ii_firmware | A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. | 2017-01-06 | 10.0 | CVE-2015-2867 BID MISC |
| trane -- comfortlink_ii_firmware | An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution. | 2017-01-06 | 10.0 | CVE-2015-2868 BID MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF). | 2017-01-10 | 4.3 | CVE-2017-2947 BID CONFIRM |
| call-cc -- chicken | The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released). | 2017-01-10 | 5.0 | CVE-2016-6831 MLIST BID |
| call-cc -- http-client | The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server (also known as a "httpoxy" attack). This affects all versions of spiffy-cgi-handlers before 0.5. | 2017-01-10 | 5.0 | CVE-2016-6286 MLIST BID |
| call-cc -- http-client | The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests through a proxy (also known as a "httpoxy" attack). This affects all versions of http-client before 0.10. | 2017-01-10 | 5.0 | CVE-2016-6287 MLIST BID |
| d-link -- dgs-1100_firmware | D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. | 2017-01-09 | 6.8 | CVE-2016-10125 BID MISC |
| eclinicalworks -- population_health | eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter. | 2017-01-10 | 4.3 | CVE-2015-4591 MISC BUGTRAQ EXPLOIT-DB |
| eclinicalworks -- population_health | eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users, appointments and employees. | 2017-01-10 | 6.8 | CVE-2015-4593 MISC BUGTRAQ EXPLOIT-DB |
| emc -- scaleio | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers. | 2017-01-06 | 4.6 | CVE-2016-9867 CONFIRM BID |
| f5 -- big-ip_access_policy_manager | Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart. | 2017-01-10 | 4.3 | CVE-2016-9247 CONFIRM |
| foxitsoftware -- reader | A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR. | 2017-01-06 | 4.3 | CVE-2016-8334 BID MISC |
| freeimage_project -- freeimage | An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability. | 2017-01-06 | 6.8 | CVE-2016-5684 BID MISC |
| google -- android | An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-31566390. | 2017-01-12 | 6.8 | CVE-2016-6771 CONFIRM |
| google -- android | An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588756. | 2017-01-12 | 4.3 | CVE-2017-0399 CONFIRM CONFIRM |
| google -- android | An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32584034. | 2017-01-12 | 4.3 | CVE-2017-0400 CONFIRM CONFIRM |
| google -- android | An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588016. | 2017-01-12 | 4.3 | CVE-2017-0401 CONFIRM CONFIRM |
| google -- android | An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32436341. | 2017-01-12 | 4.3 | CVE-2017-0402 CONFIRM CONFIRM CONFIRM |
| hancom -- hancom_office_2014 | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a block of data within the file. When calculating this length, the application will use a value from the file and add a constant to it without checking whether the addition of the constant will cause the integer to overflow which will cause the buffer to be undersized when the application tries to copy file data into it. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application. | 2017-01-06 | 6.8 | CVE-2016-4290 BID MISC |
| hancom -- hancom_office_2014 | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to copy file data in. Due to the lack of bounds checking on the integer, the allocated memory buffer can be made to be undersized at which point the reading of file data will write outside the bounds of the buffer. This can lead to code execution under the context of the application. | 2017-01-06 | 6.8 | CVE-2016-4291 BID MISC |
| hancom -- hancom_office_2014 | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, an aggressor can corrupt memory outside the bounds of this buffer which can lead to code execution under the context of the application. | 2017-01-06 | 6.8 | CVE-2016-4292 BID MISC |
| hancom -- hancom_office_2014 | When opening a Hangul Hcell Document (.cell) and processing a property record within the Workbook stream, Hancom Office 2014 will attempt to allocate space for an element using a length from the file. When copying user-supplied data to this buffer, however, the application will use a different size which leads to a heap-based buffer overflow. This vulnerability can lead to code-execution under the context of the application. | 2017-01-06 | 6.8 | CVE-2016-4294 BID MISC |
| hancom -- hancom_office_2014 | When opening a Hangul Hcell Document (.cell) and processing a particular record within the Workbook stream, an index miscalculation leading to a heap overlow can be made to occur in Hancom Office 2014. The vulnerability occurs when processing data for a formula used to render a chart via the HncChartPlugin.hplg library. Due to a lack of bounds-checking when incrementing an index that is used for writing into a buffer for formulae, the application can be made to write pointer data outside its bounds which can lead to code execution under the context of the application. | 2017-01-06 | 6.8 | CVE-2016-4295 BID MISC |
| hancom -- hancom_office_2014 | When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore ("_") character at the end of the string and write a null terminator after it. If the character is at the very end of the string, the application will mistakenly write the null-byte outside the bounds of its destination. This can result in heap corruption that can lead code execution under the context of the application | 2017-01-06 | 6.8 | CVE-2016-4296 BID MISC |
| hancom -- hancom_office_2014 | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can be made to occur which will cause the buffer to be undersized when the application tries to copy file data into the object containing this structure. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application. | 2017-01-06 | 6.8 | CVE-2016-4298 BID MISC |
| ibm -- websphere_application_server | An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected. | 2017-01-06 | 5.0 | CVE-2016-9879 BID CONFIRM |
| intel -- ethernet_controler_xl710_firmware | A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. | 2017-01-09 | 4.3 | CVE-2016-8106 BID CONFIRM |
| isc -- bind | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. | 2017-01-12 | 5.0 | CVE-2016-9131 BID CONFIRM |
| isc -- bind | named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets. | 2017-01-12 | 5.0 | CVE-2016-9147 CONFIRM |
| isc -- bind | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. | 2017-01-12 | 5.0 | CVE-2016-9444 CONFIRM |
| lexmark -- perceptive_document_filters | An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulting in remote code execution. | 2017-01-06 | 6.8 | CVE-2016-4335 BID MISC |
| lexmark -- perceptive_document_filters | An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malformed file to trigger this vulnerability. | 2017-01-06 | 6.8 | CVE-2016-5646 MISC |
| libimobiledevice -- libplist | The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data. | 2017-01-11 | 6.4 | CVE-2017-5209 BID CONFIRM |
| libtiff -- libtiff | An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means. | 2017-01-06 | 6.8 | CVE-2016-5652 BID MISC |
| linux -- linux_kernel | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010. | 2017-01-12 | 4.3 | CVE-2016-8405 CONFIRM |
| linuxcontainers -- lxc | An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container. | 2017-01-09 | 5.0 | CVE-2016-10124 CONFIRM |
| mantisbt -- mantisbt | Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter. | 2017-01-10 | 4.3 | CVE-2016-6837 BID SECTRACK CONFIRM CONFIRM |
| matroska -- libebml | A specially crafted unicode string in libebml master branch can cause an off-by-few read on the heap in unicode string parsing code in libebml. This issue can potentially be used for information leaks. | 2017-01-06 | 5.0 | CVE-2016-1514 BID MISC |
| matroska -- libebml | A use-after-free / double-free vulnerability can occur in libebml master branch while parsing Track elements of the MKV container. | 2017-01-06 | 5.0 | CVE-2016-1515 BID MISC |
| memcached -- memcached | An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | 2017-01-06 | 6.8 | CVE-2016-8706 BID MISC |
| metalgenix -- genixcms | SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI. | 2017-01-12 | 6.5 | CVE-2017-5345 MISC MISC |
| metalgenix -- genixcms | SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php. | 2017-01-12 | 6.5 | CVE-2017-5346 MISC |
| metalgenix -- genixcms | SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php. | 2017-01-12 | 6.5 | CVE-2017-5347 MISC |
| microsoft -- edge | Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability." | 2017-01-10 | 6.8 | CVE-2017-0002 MS BID |
| netapp -- clustered_data_ontap | Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure. | 2017-01-11 | 4.3 | CVE-2015-8020 BID CONFIRM |
| netapp -- metrocluster_tiebreaker | MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user. | 2017-01-11 | 5.0 | CVE-2016-6820 BID CONFIRM |
| netop -- remote_control | Stack-based buffer overflow vulnerability in Netop Remote Control versions 11.53, 12.21 and prior. The affected module in the Guest client is the "Import to Phonebook" option. When a specially designed malicious file containing special characters is loaded, the overflow occurs. 12.51 is the fixed version. The Support case ref is 00109744. | 2017-01-09 | 4.3 | CVE-2017-5216 CONFIRM BID |
| ntp -- ntp | An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. | 2017-01-06 | 5.0 | CVE-2016-1547 CONFIRM CONFIRM BID MISC |
| ntp -- ntp | An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched. | 2017-01-06 | 6.4 | CVE-2016-1548 CONFIRM CONFIRM BID MISC |
| ntp -- ntp | A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. | 2017-01-06 | 4.0 | CVE-2016-1549 CONFIRM BID MISC |
| ntp -- ntp | An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. | 2017-01-06 | 5.0 | CVE-2016-1550 CONFIRM CONFIRM BID MISC |
| ntp -- ntp-dev | An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash. | 2017-01-06 | 5.0 | CVE-2015-7848 MISC |
| php -- php | Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. | 2017-01-11 | 5.0 | CVE-2016-7478 MISC MISC BID MISC MISC |
| pidgin -- pidgin | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash. | 2017-01-06 | 4.3 | CVE-2016-2365 DEBIAN CONFIRM BID MISC UBUNTU |
| pidgin -- pidgin | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash. | 2017-01-06 | 4.3 | CVE-2016-2366 DEBIAN CONFIRM BID MISC UBUNTU |
| pidgin -- pidgin | A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability. | 2017-01-06 | 4.3 | CVE-2016-2369 DEBIAN CONFIRM BID MISC UBUNTU |
| pidgin -- pidgin | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability. | 2017-01-06 | 4.3 | CVE-2016-2370 DEBIAN CONFIRM BID MISC UBUNTU |
| pidgin -- pidgin | An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution. | 2017-01-06 | 6.8 | CVE-2016-2371 DEBIAN CONFIRM BID MISC UBUNTU |
| pidgin -- pidgin | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user. | 2017-01-06 | 4.9 | CVE-2016-2372 DEBIAN CONFIRM BID MISC UBUNTU |
| pidgin -- pidgin | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability. | 2017-01-06 | 4.3 | CVE-2016-2373 DEBIAN CONFIRM BID MISC UBUNTU |
| pidgin -- pidgin | An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution. | 2017-01-06 | 6.8 | CVE-2016-2374 DEBIAN CONFIRM BID MISC UBUNTU |
| pidgin -- pidgin | An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure. | 2017-01-06 | 5.0 | CVE-2016-2375 DEBIAN CONFIRM BID MISC UBUNTU |
| pidgin -- pidgin | A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet which will trigger a buffer overflow. | 2017-01-06 | 6.8 | CVE-2016-2376 DEBIAN CONFIRM BID MISC UBUNTU |
| pidgin -- pidgin | A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vulnerability. | 2017-01-06 | 6.8 | CVE-2016-2377 DEBIAN CONFIRM BID MISC UBUNTU |
| pidgin -- pidgin | A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability. | 2017-01-06 | 6.8 | CVE-2016-2378 DEBIAN CONFIRM BID MISC UBUNTU |
| pidgin -- pidgin | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read. | 2017-01-06 | 4.3 | CVE-2016-2380 DEBIAN CONFIRM BID MISC UBUNTU |
| pidgin -- pidgin | A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability. | 2017-01-06 | 5.8 | CVE-2016-4323 DEBIAN CONFIRM BID MISC UBUNTU |
| python_software_foundation -- python_priority_library | A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree. | 2017-01-10 | 5.0 | CVE-2016-6580 BID CONFIRM |
| samsung -- samsung_mobile | Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122. | 2017-01-12 | 5.0 | CVE-2017-5350 CONFIRM |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| emc -- scaleio | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot. | 2017-01-06 | 2.1 | CVE-2016-9868 CONFIRM BID |
| emc -- scaleio | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable. | 2017-01-06 | 2.1 | CVE-2016-9869 CONFIRM BID |
| google -- android | An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 7.0. Android ID: A-31251489. | 2017-01-12 | 2.6 | CVE-2016-6774 CONFIRM |
| kaspersky -- anti-virus | A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism. | 2017-01-06 | 2.1 | CVE-2016-4329 BID Miscellaneous MISC Miscellaneous |
| kaspersky -- internet_security | A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability. | 2017-01-06 | 2.1 | CVE-2016-4304 Miscellaneous MISC |
| kaspersky -- internet_security | A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability. | 2017-01-06 | 2.1 | CVE-2016-4305 Miscellaneous MISC |
| kaspersky -- internet_security | A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program from user-mode to trigger this vulnerability. | 2017-01-06 | 2.1 | CVE-2016-4307 Miscellaneous MISC |
| kaspersky -- total_security | Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability. | 2017-01-06 | 2.1 | CVE-2016-4306 Miscellaneous MISC |
| linux -- linux_kernel | An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29464815. References: QC-CR#1042068. | 2017-01-12 | 2.6 | CVE-2016-6756 CONFIRM |
| linux -- linux_kernel | An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148242. References: QC-CR#1052821. | 2017-01-12 | 2.6 | CVE-2016-6757 CONFIRM |
| linux -- linux_kernel | An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31795790. | 2017-01-12 | 2.6 | CVE-2016-8473 CONFIRM |
| linux -- linux_kernel | An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31799972. | 2017-01-12 | 2.6 | CVE-2016-8474 CONFIRM |
| linux -- linux_kernel | An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32591129. | 2017-01-12 | 2.6 | CVE-2016-8475 CONFIRM |
| pidgin -- pidgin | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user. | 2017-01-06 | 3.5 | CVE-2016-2367 DEBIAN CONFIRM BID MISC UBUNTU |
| python -- urllib3 | Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low. | 2017-01-11 | 2.6 | CVE-2016-9015 MLIST BID |
| web2py -- web2py | Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin). | 2017-01-11 | 3.5 | CVE-2016-4807 MISC EXPLOIT-DB |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- apache_storm | The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. | 2017-01-13 | not yet calculated | CVE-2015-3188 MISC BUGTRAQ SECTRACK |
| apache -- apache | Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30.0, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server. | 2017-01-13 | not yet calculated | CVE-2016-10140 CONFIRM |
| artifex -- artifex | An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition. | 2017-01-13 | not yet calculated | CVE-2016-10141 CONFIRM CONFIRM |
| barco -- clickshare | Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors. | 2017-01-12 | not yet calculated | CVE-2016-3151 MISC BUGTRAQ BID |
| barco -- clickshare | Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors. | 2017-01-12 | not yet calculated | CVE-2016-3149 MISC BUGTRAQ BID |
| barco -- clickshare | Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-01-12 | not yet calculated | CVE-2016-3150 MISC BUGTRAQ BID |
| barco -- clickshare | Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image. | 2017-01-12 | not yet calculated | CVE-2016-3152 MISC BUGTRAQ BID |
| blackberry -- blackberry_enterprise_server | An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt. | 2017-01-13 | not yet calculated | CVE-2016-3130 CONFIRM |
| blackberry -- blackberry_enterprise_server | A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES. | 2017-01-13 | not yet calculated | CVE-2016-3128 CONFIRM |
| blackberry -- blackberry | A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link. | 2017-01-13 | not yet calculated | CVE-2017-3890 CONFIRM |
| brocade -- network_advisor | A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information. | 2017-01-14 | not yet calculated | CVE-2016-8207 CONFIRM |
| brocade -- network_advisor | A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. | 2017-01-14 | not yet calculated | CVE-2016-8205 CONFIRM |
| brocade -- network_advisor | A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files. | 2017-01-14 | not yet calculated | CVE-2016-8206 CONFIRM |
| brocade -- network_advisor | A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. | 2017-01-14 | not yet calculated | CVE-2016-8204 CONFIRM |
| brocade -- virtual_traffic_manager | A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. | 2017-01-14 | not yet calculated | CVE-2016-8201 CONFIRM |
| cloud_foundry -- cloud_controller | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog. | 2017-01-13 | not yet calculated | CVE-2016-9882 CONFIRM |
| foxit -- foxit_pdf_toolkit | Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an attacker to cause Denial of Service and Remote Code Execution when the victim opens the specially crafted PDF file. The Vulnerability has been fixed in v2.0. | 2017-01-13 | not yet calculated | CVE-2017-5364 CONFIRM |
| gajim -- gajim | The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2017-01-13 | not yet calculated | CVE-2016-9107 MLIST MLIST CONFIRM CONFIRM |
| gerrit -- puppet | The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review. | 2017-01-12 | not yet calculated | CVE-2016-5737 MLIST BID CONFIRM |
| gnu -- guile | The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. | 2017-01-12 | not yet calculated | CVE-2016-8606 MLIST BID FEDORA FEDORA FEDORA |
| gnu -- guile | The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. | 2017-01-12 | not yet calculated | CVE-2016-8605 MLIST BID FEDORA FEDORA FEDORA |
| google -- android | An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31399736. References: QC-CR#1000546. | 2017-01-12 | not yet calculated | CVE-2016-8423 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31750190. References: MT-ALPS02974192. | 2017-01-12 | not yet calculated | CVE-2016-8433 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31471220. References: QC-CR#979426. | 2017-01-12 | not yet calculated | CVE-2016-8422 CONFIRM |
| google -- android | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31498403. References: QC-CR#987010. | 2017-01-12 | 2.6 | CVE-2016-8410 CONFIRM |
| google -- android | An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495687. References: N-CVE-2016-8409. | 2017-01-12 | 2.6 | CVE-2016-8409 CONFIRM |
| google -- android | Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695. | 2017-01-12 | not yet calculated | CVE-2016-8437 CONFIRM |
| google -- android | Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638. | 2017-01-12 | not yet calculated | CVE-2016-8438 CONFIRM |
| google -- android | An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31749463. References: MT-ALPS02968886. | 2017-01-12 | not yet calculated | CVE-2016-8447 CONFIRM |
| google -- android | An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747749. References: MT-ALPS02968909. | 2017-01-12 | not yet calculated | CVE-2016-8446 CONFIRM |
| google -- android | An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747590. References: MT-ALPS02968983. | 2017-01-12 | not yet calculated | CVE-2016-8445 CONFIRM |
| google -- android | Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804. | 2017-01-12 | not yet calculated | CVE-2016-8439 CONFIRM |
| google -- android | An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496571. References: N-CVE-2016-8408. | 2017-01-12 | 2.6 | CVE-2016-8408 CONFIRM |
| google -- android | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31802656. | 2017-01-12 | 4.3 | CVE-2016-8407 CONFIRM |
| google -- android | An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664. | 2017-01-13 | not yet calculated | CVE-2017-0398 CONFIRM |
| google -- android | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495231. | 2017-01-12 | 4.3 | CVE-2016-8402 CONFIRM |
| google -- android | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31494725. | 2017-01-12 | 4.3 | CVE-2016-8401 CONFIRM |
| google -- android | An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: Kernel-3.18. Android ID: A-31251599. References: N-CVE-2016-8400. | 2017-01-12 | not yet calculated | CVE-2016-8400 CONFIRM |
| google -- android | An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32377688. | 2017-01-12 | 4.3 | CVE-2017-0397 CONFIRM CONFIRM |
| google -- android | An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965. | 2017-01-12 | 4.3 | CVE-2017-0396 CONFIRM CONFIRM |
| google -- android | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496950. | 2017-01-12 | 4.3 | CVE-2016-8404 CONFIRM |
| google -- android | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495348. | 2017-01-12 | 4.3 | CVE-2016-8403 CONFIRM |
| google -- android | A denial of service vulnerability in Telephony could enable a remote attacker to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31752213. | 2017-01-12 | not yet calculated | CVE-2017-0394 CONFIRM |
| google -- android | An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32219099. | 2017-01-12 | 4.3 | CVE-2017-0395 CONFIRM |
| google -- android | An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31791148. References: MT-ALPS02982181. | 2017-01-12 | not yet calculated | CVE-2016-8448 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.4. Android ID: A-32178033. | 2017-01-12 | not yet calculated | CVE-2016-8451 CONFIRM |
| google -- android | A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390. | 2017-01-12 | not yet calculated | CVE-2017-0382 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1. Android ID: A-31677614. | 2017-01-12 | not yet calculated | CVE-2017-0383 CONFIRM |
| google -- android | A remote code execution vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432. | 2017-01-12 | not yet calculated | CVE-2017-0381 CONFIRM CONFIRM |
| google -- android | A denial of service vulnerability in decoder/ihevcd_decode.c in libhevc in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32322258. | 2017-01-12 | 7.1 | CVE-2017-0391 CONFIRM CONFIRM |
| google -- android | A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32577290. | 2017-01-12 | 7.1 | CVE-2017-0392 CONFIRM CONFIRM |
| google -- android | An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32095626. | 2017-01-12 | 9.3 | CVE-2017-0384 CONFIRM CONFIRM |
| google -- android | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32585400. | 2017-01-12 | 9.3 | CVE-2017-0385 CONFIRM |
| google -- android | A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31647370. | 2017-01-12 | 7.1 | CVE-2017-0390 CONFIRM CONFIRM |
| google -- android | An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32523490. | 2017-01-12 | not yet calculated | CVE-2017-0388 CONFIRM |
| google -- android | An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32660278. | 2017-01-12 | not yet calculated | CVE-2017-0387 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299. | 2017-01-12 | not yet calculated | CVE-2017-0386 CONFIRM |
| google -- android | A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808. | 2017-01-12 | 7.1 | CVE-2017-0393 CONFIRM CONFIRM |
| google -- android | Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705. | 2017-01-12 | not yet calculated | CVE-2016-8398 CONFIRM |
| google -- android | An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: N/A. Android ID: A-32510383. | 2017-01-12 | not yet calculated | CVE-2016-8462 CONFIRM |
| google -- android | An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: Kernel-3.18. Android ID: A-32369621. | 2017-01-12 | 2.1 | CVE-2016-8461 CONFIRM |
| google -- android | An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31668540. References: N-CVE-2016-8460. | 2017-01-12 | not yet calculated | CVE-2016-8460 CONFIRM |
| google -- android | Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462. | 2017-01-12 | not yet calculated | CVE-2016-8459 CONFIRM |
| google -- android | A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30786860. References: QC-CR#586855. | 2017-01-12 | not yet calculated | CVE-2016-8463 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784. | 2017-01-13 | not yet calculated | CVE-2016-8467 CONFIRM |
| google -- android | An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31531758. References: MT-ALPS02961384. | 2017-01-12 | not yet calculated | CVE-2016-8472 CONFIRM |
| google -- android | An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528890. References: MT-ALPS02961380. | 2017-01-12 | not yet calculated | CVE-2016-8471 CONFIRM |
| google -- android | An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528889. References: MT-ALPS02961395. | 2017-01-12 | not yet calculated | CVE-2016-8470 CONFIRM |
| google -- android | An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31351206. References: N-CVE-2016-8469. | 2017-01-12 | not yet calculated | CVE-2016-8469 CONFIRM |
| google -- android | A denial of service vulnerability in core networking could enable a remote attacker to use specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31850211. | 2017-01-12 | not yet calculated | CVE-2017-0389 CONFIRM |
| google -- android | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796940. | 2017-01-12 | 4.3 | CVE-2016-8406 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31222873. References: N-CVE-2016-6775. | 2017-01-12 | 9.3 | CVE-2016-6775 CONFIRM |
| google -- android | An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351. | 2017-01-12 | not yet calculated | CVE-2016-6772 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-30202228. | 2017-01-12 | 4.3 | CVE-2016-6770 CONFIRM |
| google -- android | An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-29055171. | 2017-01-12 | not yet calculated | CVE-2016-6769 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31680980. References: N-CVE-2016-6776. | 2017-01-12 | 9.3 | CVE-2016-6776 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31910462. References: N-CVE-2016-6777. | 2017-01-12 | 9.3 | CVE-2016-6777 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31251496. | 2017-01-12 | 7.6 | CVE-2016-6780 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31386004. | 2017-01-12 | 7.6 | CVE-2016-6779 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31384646. | 2017-01-12 | 7.6 | CVE-2016-6778 CONFIRM |
| google -- android | A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31631842. | 2017-01-12 | 6.8 | CVE-2016-6768 CONFIRM |
| google -- android | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4. Android ID: A-31833604. | 2017-01-12 | 7.1 | CVE-2016-6767 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31251826. | 2017-01-12 | 6.8 | CVE-2016-6762 CONFIRM |
| google -- android | An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783. | 2017-01-12 | 9.3 | CVE-2016-6760 CONFIRM |
| google -- android | An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29982686. References: QC-CR#1055766. | 2017-01-12 | 9.3 | CVE-2016-6759 CONFIRM |
| google -- android | An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731. | 2017-01-12 | 9.3 | CVE-2016-6758 CONFIRM |
| google -- android | A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31530456. | 2017-01-12 | 7.1 | CVE-2016-6763 CONFIRM |
| google -- android | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31681434. | 2017-01-12 | 7.1 | CVE-2016-6764 CONFIRM |
| google -- android | A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31318219. | 2017-01-12 | 7.1 | CVE-2016-6766 CONFIRM |
| google -- android | An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. References: N-CVE-2016-8397. | 2017-01-12 | 4.3 | CVE-2016-8397 CONFIRM |
| google -- android | A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945. | 2017-01-12 | 7.1 | CVE-2016-6765 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31095175. References: MT-ALPS02943455. | 2017-01-12 | 9.3 | CVE-2016-6781 CONFIRM |
| google -- android | An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-30481714. | 2017-01-12 | not yet calculated | CVE-2016-6773 CONFIRM |
| google -- android | An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. Therefore, the app executing as the system user has been granted a number of powerful permissions even though they are not present in the com.adups.fota.sysoper app's AndroidManifest.xml file. This app provides the com.adups.fota app access to the user's call log, text messages, and various device identifiers through the com.adups.fota.sysoper.provider.InfoProvider component. The com.adups.fota app uses timestamps when it runs and is eligible to exfiltrate the user's PII every 72 hours. If 72 hours have passed since the value of the timestamp, then the exfiltration will be triggered by the user plugging in the device to charge or when they leave or enter a wireless network. The exfiltration occurs in the background without any user interaction. | 2017-01-13 | not yet calculated | CVE-2016-10139 MISC MISC |
| google -- android | An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251628. References: N-CVE-2016-6790. | 2017-01-12 | 9.3 | CVE-2016-6790 CONFIRM |
| google -- android | An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. The app has an exported broadcast receiver named com.adups.fota.sysoper.WriteCommandReceiver which any app on the device can interact with. Therefore, any app can send a command embedded in an intent which will be executed by the WriteCommandReceiver component which is executing as the system user. The third-party app, utilizing the WriteCommandReceiver, can perform the following actions: call a phone number, factory reset the device, take pictures of the screen, record the screen in a video, install applications, inject events, obtain the Android log, and others. In addition, the com.adups.fota.sysoper.TaskService component will make a request to a URL of http://rebootv5.adsunflower.com/ps/fetch.do where the commands in the String array with a key of sf in the JSON Object sent back by the server will be executed as the system user. Since the connection is made via HTTP, it is vulnerable to a MITM attack. | 2017-01-13 | not yet calculated | CVE-2016-10138 MISC MISC |
| google -- android | An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31224389. References: MT-ALPS02943506. | 2017-01-12 | 9.3 | CVE-2016-6782 CONFIRM |
| google -- android | An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. This allows a third-party app to read, write, and delete the user's sent and received text messages and call log. This allows a third-party app to obtain PII from the user without permission to do so. | 2017-01-13 | not yet calculated | CVE-2016-10137 MISC MISC |
| google -- android | An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-31249105. | 2017-01-12 | not yet calculated | CVE-2016-8396 CONFIRM |
| google -- android | An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. This allows a third-party app to read, write, and delete files owned by the system user. The third-party app can modify the /data/system/users/0/settings_secure.xml file to add an app as a notification listener to be able to receive the text of notifications as they are received on the device. This also allows the /data/system/users/0/accounts.db to be read which contains authentication tokens for various accounts on the device. The third-party app can obtain privileged information and also modify files to obtain more privileges on the device. | 2017-01-13 | not yet calculated | CVE-2016-10136 MISC MISC |
| google -- android | An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31748056. References: MT-ALPS02961400. | 2017-01-12 | 9.3 | CVE-2016-6785 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251973. References: N-CVE-2016-6789. | 2017-01-12 | 9.3 | CVE-2016-6789 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the MediaTek I2C driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31224428. References: MT-ALPS02943467. | 2017-01-12 | not yet calculated | CVE-2016-6788 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350044. References: MT-ALPS02943437. | 2017-01-12 | 9.3 | CVE-2016-6783 CONFIRM |
| google --android | An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29421682. References: QC-CR#1055792. | 2017-01-12 | 9.3 | CVE-2016-6761 CONFIRM |
| google --android | Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747. | 2017-01-12 | not yet calculated | CVE-2016-8440 CONFIRM |
| gstreamer -- gstreamer | Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. | 2017-01-13 | not yet calculated | CVE-2016-9809 MLIST MLIST CONFIRM CONFIRM |
| gstreamer -- gstreamer | The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. | 2017-01-13 | not yet calculated | CVE-2016-9808 MLIST MLIST CONFIRM MISC |
| gstreamer -- gstreamer | The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. | 2017-01-13 | not yet calculated | CVE-2016-9811 MLIST MLIST CONFIRM CONFIRM |
| gstreamer -- gstreamer | The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. | 2017-01-13 | not yet calculated | CVE-2016-9807 MLIST MLIST CONFIRM CONFIRM CONFIRM |
| gstreamer -- gstreamer | The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | 2017-01-13 | not yet calculated | CVE-2016-9813 MLIST MLIST CONFIRM CONFIRM |
| gstreamer -- gstreamer | The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. | 2017-01-13 | not yet calculated | CVE-2016-9812 MLIST MLIST CONFIRM CONFIRM |
| gstreamer -- gstreamer | The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. | 2017-01-13 | not yet calculated | CVE-2016-9810 MLIST MLIST CONFIRM CONFIRM |
| ipv6 -- ipv6 | An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic. | 2017-01-14 | not yet calculated | CVE-2016-10142 MISC MISC |
| jasper -- jasper | The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | 2017-01-13 | not yet calculated | CVE-2016-8883 MLIST MLIST CONFIRM |
| jasper -- jasper | The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | 2017-01-13 | not yet calculated | CVE-2016-8882 MLIST MLIST CONFIRM |
| jenkins -- jenkins | The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. | 2017-01-12 | not yet calculated | CVE-2016-9299 MLIST MLIST BID MISC MLIST MLIST FEDORA CONFIRM CONFIRM |
| lenovo -- xclarity_administrator | Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code. | 2017-01-12 | not yet calculated | CVE-2016-8221 CONFIRM |
| lg -- mtklogger | An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent filter, are not protected by a custom permission, and do not explicitly set the android:exported attribute to false. Therefore, these components are exported by default and are thus accessible to any third party application by using android.content.Intent object for communication. These application components can be used to start and stop the logs using Intent objects with embedded data. The available logs are the GPS log, modem log, network log, and mobile log. The base directory that contains the directories for the 4 types of logs is /sdcard/mtklog which makes them accessible to apps that require the READ_EXTERNAL_STORAGE permission. The GPS log contains the GPS coordinates of the user as well as a timestamp for the coordinates. The modem log contains AT commands and their parameters which allow the user's outgoing and incoming calls and text messages to be obtained. The network log is a tcpdump network capture. The mobile log contains the Android log, which is not available to third-party apps as of Android 4.1. The LG ID is LVE-SMP-160019. | 2017-01-13 | not yet calculated | CVE-2016-10135 MISC |
| libbsd -- libbsd | Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. | 2017-01-13 | not yet calculated | CVE-2016-2090 MLIST MISC CONFIRM CONFIRM FEDORA FEDORA |
| liferay -- portal | Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. | 2017-01-13 | not yet calculated | CVE-2010-5327 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. | 2017-01-14 | not yet calculated | CVE-2017-2584 CONFIRM MLIST CONFIRM CONFIRM |
| linux -- linux_kernel | The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek driver for Linux allows local users to gain privileges via a crafted application that makes an MT6573FDVTIOC_T_SET_FDCONF_CMD IOCTL call. | 2017-01-12 | not yet calculated | CVE-2016-6492 MISC BUGTRAQ BID CONFIRM |
| linux -- linux_kernel | Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua. | 2017-01-14 | not yet calculated | CVE-2017-5473 CONFIRM CONFIRM |
| matrixssl -- matrixssl | The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange. | 2017-01-13 | not yet calculated | CVE-2016-6886 CONFIRM MISC |
| matrixssl -- matrixssl | The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular expontiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887. | 2017-01-13 | not yet calculated | CVE-2016-8671 MLIST MLIST MISC |
| matrixssl -- matrixssl | The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular expontiation, which might allow remote attackers to predict the secret key via a CRT attack. | 2017-01-13 | not yet calculated | CVE-2016-6887 CONFIRM MISC |
| matrixssl -- matrixssl | The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation. | 2017-01-13 | not yet calculated | CVE-2016-6885 CONFIRM MISC |
| ntp -- ntp | ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. | 2017-01-13 | not yet calculated | CVE-2016-9311 CONFIRM CONFIRM CONFIRM CERT-VN |
| ntp -- ntp | NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. | 2017-01-13 | not yet calculated | CVE-2016-7429 CONFIRM CONFIRM CONFIRM CERT-VN |
| ntp -- ntp | NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. | 2017-01-13 | not yet calculated | CVE-2016-7431 CONFIRM CONFIRM CONFIRM CERT-VN |
| ntp -- ntp | NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." | 2017-01-13 | not yet calculated | CVE-2016-7433 CONFIRM CONFIRM CONFIRM CERT-VN |
| ntp -- ntp | The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. | 2017-01-13 | not yet calculated | CVE-2016-7434 CONFIRM CONFIRM CONFIRM CERT-VN |
| ntp -- ntp | ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. | 2017-01-13 | not yet calculated | CVE-2016-7428 CONFIRM CONFIRM CONFIRM CERT-VN |
| ntp -- ntp | The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. | 2017-01-13 | not yet calculated | CVE-2016-7427 CONFIRM CONFIRM CONFIRM CERT-VN |
| ntp -- ntp | The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. | 2017-01-13 | not yet calculated | CVE-2016-9310 CONFIRM CONFIRM CONFIRM CERT-VN |
| ntp -- ntp | ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. | 2017-01-13 | not yet calculated | CVE-2016-9312 CONFIRM CONFIRM CONFIRM CERT-VN |
| ntp -- ntp | NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | 2017-01-13 | not yet calculated | CVE-2016-7426 CONFIRM CONFIRM CONFIRM CERT-VN |
| puppet_enterprise -- console | Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter. | 2017-01-12 | not yet calculated | CVE-2015-6501 CONFIRM |
| puppet_enterprise -- console | Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6501. | 2017-01-12 | not yet calculated | CVE-2016-5715 MISC MISC BUGTRAQ BID CONFIRM |
| serendipity -- serendipity | Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. | 2017-01-14 | not yet calculated | CVE-2017-5476 CONFIRM |
| serendipity -- serendipity | comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. | 2017-01-14 | not yet calculated | CVE-2017-5475 CONFIRM |
| serendipity -- serendipity | Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. | 2017-01-14 | not yet calculated | CVE-2017-5474 CONFIRM |
| smack -- smack | Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response. | 2017-01-12 | not yet calculated | CVE-2016-10027 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM FEDORA |
| web2py -- web2py | Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files. | 2017-01-11 | 5.0 | CVE-2016-4806 MISC EXPLOIT-DB |
| web2py -- web2py | Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim. | 2017-01-11 | 6.8 | CVE-2016-4808 MISC EXPLOIT-DB |
| wordpress -- wordpress | Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php. | 2017-01-14 | not yet calculated | CVE-2017-5492 MLIST CONFIRM CONFIRM CONFIRM |
| wordpress -- wordpress | wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup. | 2017-01-14 | not yet calculated | CVE-2017-5493 MLIST CONFIRM CONFIRM CONFIRM |
| wordpress -- wordpress | wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. | 2017-01-14 | not yet calculated | CVE-2017-5491 MLIST CONFIRM CONFIRM CONFIRM |
| wordpress -- wordpress | Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. | 2017-01-14 | not yet calculated | CVE-2017-5489 MLIST CONFIRM CONFIRM |
| wordpress -- wordpress | wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. | 2017-01-14 | not yet calculated | CVE-2017-5487 MLIST CONFIRM CONFIRM CONFIRM MISC |
| wordpress -- wordpress | Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin. | 2017-01-14 | not yet calculated | CVE-2017-5488 MLIST CONFIRM CONFIRM CONFIRM |
| wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php. | 2017-01-14 | not yet calculated | CVE-2017-5490 MLIST CONFIRM CONFIRM CONFIRM MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.