Vulnerability Summary for the Week of January 16, 2017
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following CVSS base scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
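The CVSS bands above are easy to apply to one row by hand but not to a whole bulletin. What follows is an added example, not part of the CISA bulletin and not CISA tooling: a small Python parser for rows in the pipe-delimited format this page uses. It buckets each row by the bands above, flags rows filed under a heading that disagrees with their score, flags rows where the vendor's own rating quoted in the description (the Android entries on this page say "rated as High" or "rated as Moderate") lands in a different band than the CVSS score, and lists rows whose references include an EXPLOIT-DB entry. The sample bulletin text inside the block is constructed from a few rows on this page with trimmed descriptions; the function and field names are the example's own.

```python
"""Triage helper for CISA weekly bulletin rows (added example, not CISA's own code).
Parses the pipe-delimited rows this page uses, applies the bulletin's CVSS bands,
and runs the sanity checks a reviewer wants before acting on the list."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
RATING_RE = re.compile(r"rated as (Critical|High|Moderate|Medium|Low)", re.IGNORECASE)
SECTION_RE = re.compile(r"^(High|Medium|Low) Vulnerabilities$")


@dataclass
class Entry:
    section: str             # heading the row was filed under
    vendor: str
    product: str
    description: str
    published: str
    score: Optional[float]   # None when the bulletin has no CVSS score yet
    cves: List[str] = field(default_factory=list)
    sources: List[str] = field(default_factory=list)


def severity(score: Optional[float]) -> str:
    """The bulletin's own bands: 7.0-10.0 High, 4.0-6.9 Medium, 0.0-3.9 Low."""
    if score is None:
        return "Unscored"
    return "High" if score >= 7.0 else "Medium" if score >= 4.0 else "Low"


def parse_bulletin(text: str) -> List[Entry]:
    entries, section = [], "Unknown"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if "|" not in line or line.startswith(("---", "Primary Vendor")):
            continue
        cells = [c.strip() for c in line.rstrip("|").split("|")]
        if len(cells) != 5:
            continue  # not a row, e.g. a description that wrapped onto its own line
        vp, desc, published, score_txt, refs = cells
        vendor, _, product = vp.partition(" -- ")
        try:
            score = float(score_txt)
        except ValueError:
            score = None
        tokens = refs.split()
        entries.append(Entry(section, vendor, product, desc, published, score,
                             [t for t in tokens if CVE_RE.fullmatch(t)],
                             [t for t in tokens if not CVE_RE.fullmatch(t)]))
    return entries


def misfiled(entries: List[Entry]) -> List[Entry]:
    """Rows whose heading disagrees with the band their CVSS score falls in."""
    return [e for e in entries if e.score is not None and severity(e.score) != e.section]


def vendor_rating_conflicts(entries: List[Entry]):
    """Rows where the vendor rating quoted in the description ('rated as High',
    'rated as Moderate') lands in a different band than the CVSS score."""
    alias = {"moderate": "Medium", "critical": "High"}
    out = []
    for e in entries:
        m = RATING_RE.search(e.description)
        if m:
            vendor_band = alias.get(m.group(1).lower(), m.group(1).capitalize())
            if vendor_band != severity(e.score):
                out.append((e.cves[0] if e.cves else "?", vendor_band, severity(e.score)))
    return out


def with_public_exploit(entries: List[Entry]) -> List[Entry]:
    """Rows whose references include an EXPLOIT-DB entry: patch these first."""
    return [e for e in entries if "EXPLOIT-DB" in e.sources]


def summarize(entries: List[Entry]) -> dict:
    return {"by_severity": dict(Counter(severity(e.score) for e in entries)),
            "by_vendor": dict(Counter(e.vendor for e in entries))}


# Constructed sample: five rows copied from this page with trimmed descriptions.
SAMPLE_BULLETIN = """\
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- storm | The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. | 2017-01-13 | 10.0 | CVE-2015-3188 MISC BUGTRAQ SECTRACK |
ntp -- ntp | ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service via a crafted packet. | 2017-01-13 | 7.1 | CVE-2016-9311 CONFIRM BID CERT-VN |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
google -- android | An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands. This issue is rated as High because it is a local permanent denial of service. Android ID: A-30308784. | 2017-01-13 | 4.9 | CVE-2016-8467 BID MISC CONFIRM |
google -- android | An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate. Android IDs: A-32438594, A-32635664. | 2017-01-13 | 4.3 | CVE-2017-0398 BID CONFIRM |
jcraft -- jsch | Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows allows remote SFTP servers to write to arbitrary files via a dot-dot-backslash sequence in a response to a recursive GET command. | 2017-01-19 | 4.3 | CVE-2016-5725 MISC FULLDISC CONFIRM BID MISC EXPLOIT-DB |
"""
```

Feed the whole bulletin text to `parse_bulletin` and run the three checks on the result. Two things the checks surface on this page: the bulletin files entries strictly by CVSS base score, so an Android issue the vendor rates High can sit in the Medium table (CVE-2016-8467 at 4.9), and the Source column carries the EXPLOIT-DB tag for entries with a public exploit, which is a better first sort key than the score alone.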
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- storm | The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. | 2017-01-13 | 10.0 | CVE-2015-3188 MISC BUGTRAQ SECTRACK |
artifex -- mujs | An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition. | 2017-01-13 | 7.5 | CVE-2016-10141 CONFIRM CONFIRM |
brocade -- network_advisor | A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. | 2017-01-14 | 10.0 | CVE-2016-8204 CONFIRM |
brocade -- network_advisor | A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. | 2017-01-14 | 10.0 | CVE-2016-8205 CONFIRM |
citrix -- provisioning_services | Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | 2017-01-18 | 7.5 | CVE-2016-9676 BID SECTRACK CONFIRM |
citrix -- provisioning_services | Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | 2017-01-18 | 7.5 | CVE-2016-9678 BID SECTRACK CONFIRM |
citrix -- provisioning_services | Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. | 2017-01-18 | 7.5 | CVE-2016-9679 BID SECTRACK CONFIRM |
fedoraproject -- fedora | Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. | 2017-01-13 | 7.5 | CVE-2016-2090 MLIST MISC CONFIRM CONFIRM FEDORA FEDORA |
fedoraproject -- fedora | Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | 2017-01-19 | 7.2 | CVE-2016-7543 MLIST BID FEDORA FEDORA FEDORA MLIST GENTOO |
firejail -- firejail | Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | 2017-01-19 | 7.2 | CVE-2016-9016 MLIST MLIST BID |
google -- android | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684. | 2017-01-18 | 9.3 | CVE-2014-9909 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710. | 2017-01-18 | 7.6 | CVE-2014-9910 BID CONFIRM |
graphicsmagick -- graphicsmagick | Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. | 2017-01-18 | 7.5 | CVE-2016-7996 MLIST MLIST BID |
intelliants -- subrion_cms | includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. | 2017-01-20 | 7.5 | CVE-2017-5543 CONFIRM |
metalgenix -- genixcms | SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. | 2017-01-17 | 7.5 | CVE-2017-5517 BID CONFIRM |
metalgenix -- genixcms | SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2017-01-17 | 7.5 | CVE-2017-5519 BID CONFIRM |
netbsd -- netbsd | CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program. | 2017-01-19 | 7.5 | CVE-2015-8212 NETBSD SECTRACK |
netbsd -- netbsd | mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox. | 2017-01-20 | 7.2 | CVE-2016-6253 MISC NETBSD MISC MISC BID SECTRACK EXPLOIT-DB EXPLOIT-DB |
ntp -- ntp | ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. | 2017-01-13 | 7.1 | CVE-2016-9311 CONFIRM CONFIRM CONFIRM BID CERT-VN |
samsung -- samsung_mobile | The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. | 2017-01-18 | 9.3 | CVE-2016-6526 CONFIRM MLIST BID |
samsung -- samsung_mobile | The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. | 2017-01-18 | 9.3 | CVE-2016-6527 CONFIRM MLIST BID |
selinux_project -- selinux | SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | 2017-01-19 | 7.2 | CVE-2016-7545 REDHAT MLIST BID CONFIRM FEDORA MLIST |
sociomantic -- git-hub | sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name. | 2017-01-19 | 7.5 | CVE-2016-7794 MLIST BID CONFIRM |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- groovy | main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods. | 2017-01-18 | 5.0 | CVE-2016-6497 CONFIRM MLIST MISC |
artifex -- mujs | The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input. | 2017-01-18 | 5.0 | CVE-2016-7563 MLIST MLIST CONFIRM |
artifex -- mujs | Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input. | 2017-01-18 | 5.0 | CVE-2016-7564 MLIST MLIST CONFIRM |
artifex -- mujs | Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-7563. | 2017-01-18 | 5.0 | CVE-2016-9109 MLIST MLIST MLIST BID CONFIRM |
atlassian -- confluence | Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. | 2017-01-18 | 4.3 | CVE-2016-6283 MISC FULLDISC FULLDISC BID EXPLOIT-DB |
b2evolution -- b2evolution | Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function. | 2017-01-18 | 4.3 | CVE-2016-7149 MLIST MLIST BID CONFIRM |
b2evolution -- b2evolution | Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter. | 2017-01-15 | 5.5 | CVE-2017-5480 BID CONFIRM CONFIRM |
blackberry -- enterprise_service | A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES. | 2017-01-13 | 6.4 | CVE-2016-3128 CONFIRM BID SECTRACK |
blackberry -- enterprise_service | An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt. | 2017-01-13 | 4.3 | CVE-2016-3130 CONFIRM SECTRACK |
blackberry -- vapp | A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link. | 2017-01-13 | 4.3 | CVE-2017-3890 CONFIRM BID |
brocade -- network_advisor | A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files. | 2017-01-14 | 6.4 | CVE-2016-8206 CONFIRM |
brocade -- network_advisor | A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information. | 2017-01-14 | 5.0 | CVE-2016-8207 CONFIRM |
brocade -- virtual_traffic_manager | A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. | 2017-01-14 | 6.0 | CVE-2016-8201 CONFIRM |
bzrtp_project -- bzrtp | The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception. | 2017-01-18 | 5.0 | CVE-2016-6271 CONFIRM |
ca -- service_desk_management | RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. | 2017-01-18 | 5.5 | CVE-2016-10086 BID SECTRACK CONFIRM |
citrix -- provisioning_services | Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. | 2017-01-18 | 5.0 | CVE-2016-9677 BID SECTRACK CONFIRM |
citrix -- provisioning_services | Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors. | 2017-01-18 | 5.0 | CVE-2016-9680 BID SECTRACK CONFIRM |
cloud_foundry -- capi-release | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog. | 2017-01-13 | 5.0 | CVE-2016-9882 BID CONFIRM |
cmsmadesimple -- cms_made_simple | Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request. | 2017-01-16 | 6.0 | CVE-2016-7904 MISC MISC BID |
exponentcms -- exponent_cms | Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. | 2017-01-18 | 4.3 | CVE-2015-8667 CONFIRM MISC |
exponentcms -- exponent_cms | Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality. | 2017-01-18 | 4.3 | CVE-2015-8684 CONFIRM MISC |
foxitsoftware -- foxit_pdf_toolkit | Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an attacker to cause Denial of Service and Remote Code Execution when the victim opens the specially crafted PDF file. The Vulnerability has been fixed in v2.0. | 2017-01-13 | 6.8 | CVE-2017-5364 CONFIRM |
google -- android | An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784. | 2017-01-13 | 4.9 | CVE-2016-8467 BID MISC CONFIRM |
google -- android | An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664. | 2017-01-13 | 4.3 | CVE-2017-0398 BID CONFIRM |
google -- chrome | The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page. | 2017-01-19 | 6.8 | CVE-2016-5196 BID CONFIRM CONFIRM |
google -- chrome | The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page. | 2017-01-19 | 6.8 | CVE-2016-5197 BID CONFIRM CONFIRM |
google -- chrome | V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page. | 2017-01-19 | 6.8 | CVE-2016-5198 BID CONFIRM CONFIRM |
google -- chrome | An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | 2017-01-19 | 6.8 | CVE-2016-5199 BID CONFIRM CONFIRM |
google -- chrome | V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2017-01-19 | 6.8 | CVE-2016-5200 BID CONFIRM CONFIRM |
google -- chrome | A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page. | 2017-01-19 | 4.3 | CVE-2016-5201 BID CONFIRM CONFIRM |
google -- chrome | A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2017-01-19 | 6.8 | CVE-2016-5203 BID CONFIRM CONFIRM |
google -- chrome | Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | 2017-01-19 | 4.3 | CVE-2016-5204 BID CONFIRM CONFIRM |
google -- chrome | Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | 2017-01-19 | 4.3 | CVE-2016-5205 BID CONFIRM CONFIRM |
google -- chrome | The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. | 2017-01-19 | 6.8 | CVE-2016-5206 BID CONFIRM CONFIRM |
google -- chrome | In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page. | 2017-01-19 | 4.3 | CVE-2016-5207 BID CONFIRM CONFIRM |
google -- chrome | Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | 2017-01-19 | 4.3 | CVE-2016-5208 BID CONFIRM CONFIRM |
google -- chrome | Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2017-01-19 | 6.8 | CVE-2016-5209 BID CONFIRM CONFIRM |
google -- chrome | Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2017-01-19 | 6.8 | CVE-2016-5210 BID CONFIRM CONFIRM |
google -- chrome | A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2017-01-19 | 6.8 | CVE-2016-5211 BID CONFIRM CONFIRM |
google -- chrome | Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page. | 2017-01-19 | 4.3 | CVE-2016-5212 BID CONFIRM CONFIRM |
google -- chrome | A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2017-01-19 | 6.8 | CVE-2016-5213 BID CONFIRM CONFIRM |
google -- chrome | Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page. | 2017-01-19 | 4.3 | CVE-2016-5214 BID CONFIRM CONFIRM |
google -- chrome | A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2017-01-19 | 6.8 | CVE-2016-5215 BID CONFIRM CONFIRM |
google -- chrome | A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | 2017-01-19 | 6.8 | CVE-2016-5216 BID CONFIRM CONFIRM |
google -- chrome | The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page. | 2017-01-19 | 4.3 | CVE-2016-5217 BID CONFIRM CONFIRM |
google -- chrome | The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data. | 2017-01-19 | 4.3 | CVE-2016-5218 BID CONFIRM CONFIRM |
google -- chrome | A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2017-01-19 | 6.8 | CVE-2016-5219 BID CONFIRM CONFIRM |
google -- chrome | PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file. | 2017-01-19 | 4.3 | CVE-2016-5220 BID CONFIRM CONFIRM |
google -- chrome | Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page. | 2017-01-19 | 6.8 | CVE-2016-5221 BID CONFIRM CONFIRM |
google -- chrome | Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2017-01-19 | 4.3 | CVE-2016-5222 BID CONFIRM CONFIRM |
google -- chrome | Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file. | 2017-01-19 | 4.3 | CVE-2016-5223 BID CONFIRM CONFIRM |
google -- chrome | A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. | 2017-01-19 | 4.3 | CVE-2016-5224 BID CONFIRM CONFIRM |
google -- chrome | Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page. | 2017-01-19 | 4.3 | CVE-2016-5225 BID CONFIRM CONFIRM |
google -- chrome | Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. | 2017-01-19 | 4.3 | CVE-2016-5226 BID CONFIRM CONFIRM |
google -- chrome | Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page. | 2017-01-19 | 4.3 | CVE-2016-9650 BID CONFIRM CONFIRM |
graphicsmagick -- graphicsmagick | The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. | 2017-01-18 | 5.0 | CVE-2016-7997 MLIST MLIST BID |
gstreamer -- gstreamer | The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. | 2017-01-13 | 4.3 | CVE-2016-9807 MLIST MLIST BID CONFIRM CONFIRM CONFIRM |
gstreamer -- gstreamer | The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. | 2017-01-13 | 5.0 | CVE-2016-9808 MLIST MLIST BID CONFIRM MISC |
gstreamer -- gstreamer | Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. | 2017-01-13 | 6.8 | CVE-2016-9809 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. | 2017-01-13 | 4.3 | CVE-2016-9810 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. | 2017-01-13 | 4.3 | CVE-2016-9811 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. | 2017-01-13 | 5.0 | CVE-2016-9812 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | 2017-01-13 | 4.3 | CVE-2016-9813 MLIST MLIST BID CONFIRM CONFIRM |
hexchat_project -- hexchat | Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. | 2017-01-18 | 6.8 | CVE-2016-2087 MISC EXPLOIT-DB |
hexchat_project -- hexchat | Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message. | 2017-01-18 | 5.0 | CVE-2016-2233 MISC EXPLOIT-DB |
ietf -- ipv6 | An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic. | 2017-01-14 | 5.0 | CVE-2016-10142 MISC MISC |
imagemagick -- imagemagick | Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. | 2017-01-18 | 5.0 | CVE-2016-6823 MLIST BID CONFIRM CONFIRM |
imagemagick -- imagemagick | The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. | 2017-01-18 | 4.3 | CVE-2016-7101 MLIST BID CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | 2017-01-18 | 4.3 | CVE-2016-7799 MLIST MLIST BID CONFIRM CONFIRM |
imagemagick -- imagemagick | magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file. | 2017-01-18 | 4.3 | CVE-2016-7906 MLIST MLIST BID CONFIRM CONFIRM |
jasper_project -- jasper | The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | 2017-01-13 | 4.3 | CVE-2016-8882 MLIST MLIST CONFIRM |
jasper_project -- jasper | The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | 2017-01-13 | 4.3 | CVE-2016-8883 MLIST MLIST CONFIRM |
jcraft -- jsch | Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command. | 2017-01-19 | 4.3 | CVE-2016-5725 MISC FULLDISC CONFIRM BID MISC EXPLOIT-DB |
lg -- lg_mobile | An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent filter, are not protected by a custom permission, and do not explicitly set the android:exported attribute to false. Therefore, these components are exported by default and are thus accessible to any third party application by using android.content.Intent object for communication. These application components can be used to start and stop the logs using Intent objects with embedded data. The available logs are the GPS log, modem log, network log, and mobile log. The base directory that contains the directories for the 4 types of logs is /sdcard/mtklog which makes them accessible to apps that require the READ_EXTERNAL_STORAGE permission. The GPS log contains the GPS coordinates of the user as well as a timestamp for the coordinates. The modem log contains AT commands and their parameters which allow the user's outgoing and incoming calls and text messages to be obtained. The network log is a tcpdump network capture. The mobile log contains the Android log, which is not available to third-party apps as of Android 4.1. The LG ID is LVE-SMP-160019. | 2017-01-13 | 4.3 | CVE-2016-10135 MISC |
libical_project -- libical | libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. | 2017-01-18 | 6.4 | CVE-2016-9584 MLIST BID |
libtiff -- libtiff | Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff. | 2017-01-20 | 4.3 | CVE-2016-5318 MLIST MLIST BID |
libtiff -- libtiff | Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. | 2017-01-20 | 4.3 | CVE-2016-5319 MLIST MLIST BID |
libtiff -- libtiff | tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. | 2017-01-18 | 4.3 | CVE-2016-9273 CONFIRM MLIST MLIST BID |
libtiff -- libtiff | The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. | 2017-01-18 | 5.0 | CVE-2016-9297 CONFIRM MLIST MLIST BID |
liferay -- liferay_portal | Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. | 2017-01-13 | 6.5 | CVE-2010-5327 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel | crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5). | 2017-01-18 | 4.9 | CVE-2016-10147 CONFIRM MLIST CONFIRM MLIST CONFIRM CONFIRM |
matrixssl -- matrixssl | The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation. | 2017-01-13 | 5.0 | CVE-2016-6885 CONFIRM MISC |
matrixssl -- matrixssl | The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange. | 2017-01-13 | 5.0 | CVE-2016-6886 CONFIRM BID MISC |
matrixssl -- matrixssl | The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack. | 2017-01-13 | 4.3 | CVE-2016-6887 CONFIRM MISC |
matrixssl -- matrixssl | The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887. | 2017-01-13 | 4.3 | CVE-2016-8671 MLIST MLIST BID MISC |
metalgenix -- genixcms | Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters. | 2017-01-17 | 4.3 | CVE-2017-5516 BID CONFIRM |
metalgenix -- genixcms | The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. | 2017-01-17 | 4.3 | CVE-2017-5518 BID CONFIRM |
metalgenix -- genixcms | The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. | 2017-01-17 | 6.5 | CVE-2017-5520 BID CONFIRM |
moodle -- moodle | In Moodle 3.x, glossary search displays entries without checking user permissions to view them. | 2017-01-20 | 5.0 | CVE-2016-5012 CONFIRM |
moodle -- moodle | In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. | 2017-01-20 | 5.8 | CVE-2016-5013 CONFIRM |
moodle -- moodle | In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. | 2017-01-20 | 5.8 | CVE-2016-5014 CONFIRM |
moodle -- moodle | In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. | 2017-01-20 | 5.0 | CVE-2016-7038 CONFIRM |
moodle -- moodle | In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. | 2017-01-20 | 5.0 | CVE-2016-8642 CONFIRM |
moodle -- moodle | In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. | 2017-01-20 | 4.0 | CVE-2016-8643 CONFIRM |
moodle -- moodle | In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | 2017-01-20 | 5.0 | CVE-2016-8644 CONFIRM |
moodle -- moodle | In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. | 2017-01-20 | 5.0 | CVE-2017-2576 CONFIRM |
moodle -- moodle | In Moodle 3.x, there is XSS in the assignment submission page. | 2017-01-20 | 4.3 | CVE-2017-2578 CONFIRM |
novell -- opensuse | The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. | 2017-01-20 | 4.3 | CVE-2016-5321 SUSE |
ntop -- ntop | Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua. | 2017-01-14 | 6.8 | CVE-2017-5473 CONFIRM CONFIRM |
ntp -- ntp | NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | 2017-01-13 | 4.3 | CVE-2016-7426 CONFIRM CONFIRM CONFIRM BID CERT-VN |
ntp -- ntp | NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. | 2017-01-13 | 4.3 | CVE-2016-7429 CONFIRM CONFIRM CONFIRM BID CERT-VN |
ntp -- ntp | NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. | 2017-01-13 | 5.0 | CVE-2016-7431 CONFIRM CONFIRM CONFIRM BID CERT-VN |
ntp -- ntp | NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to have an unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." | 2017-01-13 | 5.0 | CVE-2016-7433 CONFIRM CONFIRM CONFIRM BID CERT-VN |
ntp -- ntp | The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. | 2017-01-13 | 5.0 | CVE-2016-7434 CONFIRM CONFIRM CONFIRM BID CERT-VN |
ntp -- ntp | The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. | 2017-01-13 | 6.4 | CVE-2016-9310 CONFIRM CONFIRM CONFIRM BID CERT-VN |
ntp -- ntp | ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. | 2017-01-13 | 5.0 | CVE-2016-9312 CONFIRM CONFIRM CONFIRM BID CERT-VN |
opensuse_project -- opensuse | Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool. | 2017-01-20 | 4.3 | CVE-2016-5316 SUSE SUSE SUSE MLIST |
opensuse_project -- opensuse | Buffer overflow in the PixarLogDecode function in libtiff.so in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service (crash) via a crafted TIFF file. | 2017-01-20 | 4.3 | CVE-2016-5317 SUSE SUSE SUSE MLIST MLIST |
opensuse_project -- opensuse | The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. | 2017-01-20 | 5.0 | CVE-2016-5323 SUSE MLIST |
otr -- gajim-otr | The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2017-01-13 | 5.0 | CVE-2016-9107 MLIST MLIST BID CONFIRM CONFIRM |
s9y -- serendipity | Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. | 2017-01-14 | 5.8 | CVE-2017-5474 CONFIRM |
s9y -- serendipity | comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. | 2017-01-14 | 6.8 | CVE-2017-5475 CONFIRM |
s9y -- serendipity | Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. | 2017-01-14 | 6.8 | CVE-2017-5476 CONFIRM |
samsung -- exynos_fimg2d_driver | The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. | 2017-01-18 | 4.9 | CVE-2016-9278 CONFIRM MLIST MLIST BID |
samsung -- exynos_fimg2d_driver | Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. | 2017-01-18 | 5.0 | CVE-2016-9279 CONFIRM MLIST MLIST BID |
sociomantic -- git-hub | sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL. | 2017-01-19 | 6.8 | CVE-2016-7793 MLIST BID CONFIRM |
spip -- spip | Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code. | 2017-01-18 | 6.8 | CVE-2016-7980 MLIST MLIST MLIST BID CONFIRM CONFIRM CONFIRM |
spip -- spip | Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. | 2017-01-18 | 4.3 | CVE-2016-7981 MLIST MLIST MLIST BID CONFIRM CONFIRM CONFIRM |
spip -- spip | Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action. | 2017-01-18 | 5.0 | CVE-2016-7982 MLIST MLIST MLIST BID CONFIRM |
spip -- spip | The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action. | 2017-01-18 | 6.5 | CVE-2016-7998 MLIST MLIST MLIST BID CONFIRM CONFIRM CONFIRM |
spip -- spip | ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. | 2017-01-18 | 4.3 | CVE-2016-7999 MLIST MLIST MLIST MLIST BID CONFIRM CONFIRM |
symphony-cms -- symphony_cms | Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters. | 2017-01-20 | 5.0 | CVE-2017-5541 CONFIRM CONFIRM |
symphony-cms -- symphony_cms | Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter. | 2017-01-20 | 4.3 | CVE-2017-5542 CONFIRM CONFIRM |
tiki -- tikiwiki_cms/groupware | A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. | 2017-01-20 | 5.0 | CVE-2016-10143 CONFIRM CONFIRM |
tqdm_project -- tqdm | The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory. | 2017-01-19 | 4.6 | CVE-2016-10075 MLIST BID MISC |
unrealircd -- unrealircd | The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. | 2017-01-18 | 6.8 | CVE-2016-7144 MLIST MLIST BID CONFIRM CONFIRM |
viprinet -- multichannel_vpn_router_300_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the 'old' and 'new' interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) the username when creating an account in the new interface, (4) the hostname in the old interface, (5) the inspect parameter in the config module, (6) the commands parameter in the atcommands tool, or (7) the host parameter in the ping tool. | 2017-01-20 | 4.3 | CVE-2014-2045 MISC FULLDISC BUGTRAQ EXPLOIT-DB MISC |
viprinet -- multichannel_vpn_router_300_firmware | The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. | 2017-01-20 | 4.3 | CVE-2014-9754 MISC FULLDISC BUGTRAQ |
viprinet -- multichannel_vpn_router_300_firmware | The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack. | 2017-01-20 | 5.0 | CVE-2014-9755 MISC FULLDISC BUGTRAQ |
w3m_project -- w3m | The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags. | 2017-01-20 | 4.3 | CVE-2016-9435 SUSE MLIST BID CONFIRM MISC GENTOO |
w3m_project -- w3m | parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. | 2017-01-20 | 4.3 | CVE-2016-9436 SUSE MLIST BID CONFIRM MISC GENTOO |
wordpress -- wordpress | The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. | 2017-01-18 | 4.0 | CVE-2016-10148 MLIST CONFIRM CONFIRM MISC |
wordpress -- wordpress | Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool. | 2017-01-18 | 5.5 | CVE-2016-6896 MLIST MISC |
wordpress -- wordpress | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896. | 2017-01-18 | 4.3 | CVE-2016-6897 MLIST BID CONFIRM MISC |
wordpress -- wordpress | wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. | 2017-01-14 | 5.0 | CVE-2017-5487 MLIST BID CONFIRM CONFIRM CONFIRM MISC |
wordpress -- wordpress | Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin. | 2017-01-14 | 4.3 | CVE-2017-5488 MLIST BID CONFIRM CONFIRM CONFIRM |
wordpress -- wordpress | Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. | 2017-01-14 | 6.8 | CVE-2017-5489 MLIST BID CONFIRM CONFIRM |
wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php. | 2017-01-14 | 4.3 | CVE-2017-5490 MLIST BID CONFIRM CONFIRM CONFIRM MISC |
wordpress -- wordpress | wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. | 2017-01-14 | 5.0 | CVE-2017-5491 MLIST BID CONFIRM CONFIRM CONFIRM |
wordpress -- wordpress | Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php. | 2017-01-14 | 6.8 | CVE-2017-5492 MLIST BID CONFIRM CONFIRM CONFIRM |
wordpress -- wordpress | wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup. | 2017-01-14 | 5.0 | CVE-2017-5493 MLIST BID CONFIRM CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810. | 2017-01-18 | 4.0 | CVE-2016-3401 CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167. | 2017-01-18 | 5.0 | CVE-2016-3402 CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959. | 2017-01-18 | 5.0 | CVE-2016-3404 CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828. | 2017-01-18 | 5.0 | CVE-2016-3405 CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456. | 2017-01-18 | 6.8 | CVE-2016-3406 CONFIRM CONFIRM CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175. | 2017-01-18 | 4.3 | CVE-2016-3407 CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813. | 2017-01-18 | 4.3 | CVE-2016-3408 CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637. | 2017-01-18 | 4.3 | CVE-2016-3409 CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839. | 2017-01-18 | 4.3 | CVE-2016-3410 CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609. | 2017-01-18 | 4.3 | CVE-2016-3411 CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791. | 2017-01-18 | 4.3 | CVE-2016-3412 CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996. | 2017-01-18 | 5.0 | CVE-2016-3413 CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029. | 2017-01-18 | 4.0 | CVE-2016-3414 CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276. | 2017-01-18 | 6.4 | CVE-2016-3415 CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703. | 2017-01-18 | 4.3 | CVE-2016-3999 CONFIRM CONFIRM |
zimbra -- zimbra_collaboration_suite | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477. | 2017-01-18 | 4.3 | CVE-2016-4019 CONFIRM CONFIRM |
zoneminder -- zoneminder | An information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30.0, which allows a remote unauthenticated attacker to browse all directories in the web root; e.g., a remote unauthenticated attacker can view all CCTV images on the server. | 2017-01-13 | 5.0 | CVE-2016-10140 CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
b2evolution -- b2evolution | Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name. | 2017-01-18 | 3.5 | CVE-2016-7150 MLIST MLIST BID CONFIRM |
b2evolution -- b2evolution | Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame. | 2017-01-15 | 3.5 | CVE-2017-5494 BID CONFIRM CONFIRM |
info-zip -- unzip | Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. | 2017-01-18 | 2.1 | CVE-2014-9913 MLIST MLIST MLIST MLIST BID CONFIRM |
info-zip -- unzip | Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. | 2017-01-18 | 2.1 | CVE-2016-9844 MLIST MLIST MLIST BID CONFIRM |
linux -- linux_kernel | arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. | 2017-01-14 | 3.6 | CVE-2017-2584 CONFIRM MLIST BID CONFIRM CONFIRM |
metalgenix -- genixcms | Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. | 2017-01-17 | 3.5 | CVE-2017-5515 BID CONFIRM |
ntp -- ntp | The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. | 2017-01-13 | 3.3 | CVE-2016-7427 CONFIRM CONFIRM CONFIRM BID CERT-VN |
ntp -- ntp | ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. | 2017-01-13 | 3.3 | CVE-2016-7428 CONFIRM CONFIRM CONFIRM BID CERT-VN |
phpmailer_project -- phpmailer | An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory. | 2017-01-16 | 2.1 | CVE-2017-5223 MISC BID MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
libimobiledevice -- libplist | The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. | 2017-01-20 | not yet calculated | CVE-2017-5545 CONFIRM CONFIRM |
netgear -- routers | An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set, the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions. | 2017-01-17 | not yet calculated | CVE-2017-5521 CONFIRM BID |