SB16-361: Vulnerability Summary for the Week of December 19, 2016

Original release date: December 26, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| blackberry — good_enterprise_mobility_server | A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell. | 2016-12-16 | 8.5 | CVE-2016-3129 (CONFIRM, BID) |
| bundler — bundler | Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334. | 2016-12-22 | 7.5 | CVE-2016-7954 (MISC, MLIST, MLIST, MLIST, BID, CONFIRM, CONFIRM, CONFIRM) |
| canonical — ubuntu_linux | An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a “{”. This allows remote attackers to execute arbitrary Python code. | 2016-12-16 | 9.3 | CVE-2016-9949 (BID, MISC, MISC, MISC) |
| canonical — ubuntu_linux | An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file “Package” and “SourcePackage” fields. These fields are used to build a path to the package-specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system. | 2016-12-16 | 9.3 | CVE-2016-9950 (BID, MISC, MISC, MISC) |
| dotcms — dotcms | SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. | 2016-12-19 | 7.5 | CVE-2016-2355 (CONFIRM, BID, CONFIRM) |
| microsoft — edge | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability.” | 2016-12-20 | 7.6 | CVE-2016-7181 (MS, BID, SECTRACK) |
| microsoft — windows_server_2008 | The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” | 2016-12-20 | 7.2 | CVE-2016-7259 (MISC, MS, BUGTRAQ, BID) |
| microsoft — windows_server_2008 | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” | 2016-12-20 | 7.2 | CVE-2016-7260 (MS, BID) |
| microsoft — excel_for_mac | Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” | 2016-12-20 | 9.3 | CVE-2016-7263 (MS, BID, SECTRACK) |
| microsoft — windows_server_2008 | The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka “Windows Graphics Remote Code Execution Vulnerability.” | 2016-12-20 | 9.3 | CVE-2016-7272 (MS, BID, SECTRACK, MISC) |
| microsoft — windows_10 | The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka “Windows Graphics Remote Code Execution Vulnerability.” | 2016-12-20 | 9.3 | CVE-2016-7273 (MS, BID, SECTRACK) |
| microsoft — windows_server_2008 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka “Windows Uniscribe Remote Code Execution Vulnerability.” | 2016-12-20 | 9.3 | CVE-2016-7274 (MS, BID) |
| microsoft — office | Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka “Microsoft Office OLE DLL Side Loading Vulnerability.” | 2016-12-20 | 7.2 | CVE-2016-7275 (MS, BID, SECTRACK) |
| microsoft — office | Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” | 2016-12-20 | 9.3 | CVE-2016-7277 (MS, BID, SECTRACK) |
| microsoft — internet_explorer | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability.” | 2016-12-20 | 7.6 | CVE-2016-7279 (MS, MS, BID, SECTRACK) |
| microsoft — internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” | 2016-12-20 | 9.3 | CVE-2016-7283 (MS, BID, SECTRACK) |
| microsoft — edge | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7288, CVE-2016-7296, and CVE-2016-7297. | 2016-12-20 | 7.6 | CVE-2016-7286 (MS, BID, SECTRACK) |
| microsoft — edge | The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability.” | 2016-12-20 | 7.6 | CVE-2016-7287 (MS, MS, BID, SECTRACK) |
| microsoft — edge | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297. | 2016-12-20 | 7.6 | CVE-2016-7288 (MS, BID, SECTRACK) |
| microsoft — publisher | Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” | 2016-12-20 | 9.3 | CVE-2016-7289 (MS, BID, SECTRACK) |
| microsoft — windows_server_2016 | The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka “Windows Installer Elevation of Privilege Vulnerability.” | 2016-12-20 | 7.2 | CVE-2016-7292 (MS, BID, SECTRACK) |
| microsoft — edge | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7297. | 2016-12-20 | 7.6 | CVE-2016-7296 (MS, BID, SECTRACK) |
| microsoft — edge | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7296. | 2016-12-20 | 7.6 | CVE-2016-7297 (MS, BID, SECTRACK) |
| microsoft — word_viewer | Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” | 2016-12-20 | 9.3 | CVE-2016-7298 (MS, BID, SECTRACK) |
| nvidia — gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8813 (CONFIRM, BID) |
| nvidia — gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8814 (CONFIRM, BID) |
| nvidia — gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8815 (CONFIRM, BID) |
| nvidia — gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8816 (CONFIRM, BID) |
| nvidia — gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the size input to memcpy(), causing a buffer overflow, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8817 (CONFIRM, BID) |
| nvidia — gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a pointer passed from a user to the driver is used without validation, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8818 (CONFIRM, BID) |
| nvidia — gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8819 (CONFIRM, BID) |
| nvidia — gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8821 (CONFIRM, BID) |
| nvidia — gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000E, 0x600000F, and 0x6000010 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8822 (CONFIRM, BID) |
| nvidia — gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where the size of an input buffer is not validated, leading to a denial of service or possible escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8823 (CONFIRM, BID, MISC) |
| nvidia — gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where improper access controls allow a regular user to write a part of the registry intended for privileged users only, leading to escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8824 (CONFIRM, BID) |
| nvidia — gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8825 (CONFIRM, BID) |
| samsung — samsung_mobile | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily, resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7119. | 2016-12-16 | 10.0 | CVE-2016-9965 (CONFIRM, BID) |
| samsung — samsung_mobile | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily, resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7120. | 2016-12-16 | 10.0 | CVE-2016-9966 (CONFIRM, BID) |
| samsung — samsung_mobile | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily, resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7121. | 2016-12-16 | 10.0 | CVE-2016-9967 (CONFIRM, BID) |
| siemens — simatic_s7-300_cpu_firmware | A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions including V3.2.12) and SIMATIC S7-400 PN CPUs (V6 and V7) could allow a remote attacker to cause a Denial of Service condition by sending specially crafted packets to port 80/TCP. | 2016-12-16 | 7.8 | CVE-2016-9158 (BID, CONFIRM, MISC) |
| technicolor — xfinity_gateway_router_dpc3941t_firmware | CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router. | 2016-12-16 | 7.9 | CVE-2016-7454 (BID, MISC) |


Medium Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apport_project — apport | An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in the `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK. | 2016-12-16 | 4.3 | CVE-2016-9951 (BID, MISC, MISC, MISC) |
| bmc — remedy_action_request_system | Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password. | 2016-12-21 | 5.0 | CVE-2016-2349 (BID, CONFIRM) |
| bottlepy — bottle | redirect() in bottle.py in bottle 0.12.10 doesn’t filter a “\r\n” sequence, which leads to a CRLF attack, as demonstrated by a redirect(“233\r\nSet-Cookie: name=salt”) call. | 2016-12-16 | 4.3 | CVE-2016-9964 (BID, CONFIRM, CONFIRM) |
| debian — debian_linux | An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user’s cleartext password, DES encrypted with a known key. | 2016-12-16 | 5.0 | CVE-2013-1430 (BID, CONFIRM, CONFIRM) |
| ffmpeg — ffmpeg | The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. | 2016-12-23 | 6.8 | CVE-2016-6671 (MLIST, BID) |
| ffmpeg — ffmpeg | The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. | 2016-12-23 | 4.3 | CVE-2016-6881 (MLIST, BID) |
| ffmpeg — ffmpeg | The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to an infinite loop when it decodes an AVI file that has a crafted ‘nctg’ structure. | 2016-12-23 | 4.3 | CVE-2016-7122 (MLIST, BID) |
| ffmpeg — ffmpeg | The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. | 2016-12-23 | 6.8 | CVE-2016-7450 (MLIST, BID) |
| ffmpeg — ffmpeg | The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode. | 2016-12-23 | 6.8 | CVE-2016-7502 (MLIST, BID) |
| ffmpeg — ffmpeg | The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to a memory leak when decoding an AVI file that has a crafted “strh” structure. | 2016-12-23 | 4.3 | CVE-2016-7555 (MLIST, BID) |
| ffmpeg — ffmpeg | The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. | 2016-12-23 | 4.3 | CVE-2016-7562 (MLIST, BID) |
| ffmpeg — ffmpeg | The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | 2016-12-23 | 4.3 | CVE-2016-7785 (MLIST, BID) |
| ffmpeg — ffmpeg | The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. | 2016-12-23 | 4.3 | CVE-2016-7905 (MLIST, BID) |
| ffmpeg — ffmpeg | The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | 2016-12-23 | 4.3 | CVE-2016-8595 (MLIST, BID) |
| ffmpeg — ffmpeg | The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. | 2016-12-23 | 4.3 | CVE-2016-9561 (MLIST, BID) |
| google — chrome | Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages. | 2016-12-17 | 4.3 | CVE-2016-5181 (BID, CONFIRM, CONFIRM, CONFIRM) |
| google — chrome | Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages. | 2016-12-17 | 6.8 | CVE-2016-5182 (BID, CONFIRM, CONFIRM) |
| google — chrome | A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files. | 2016-12-17 | 6.8 | CVE-2016-5183 (BID, CONFIRM, CONFIRM, CONFIRM) |
| google — chrome | PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files. | 2016-12-17 | 6.8 | CVE-2016-5184 (BID, CONFIRM, CONFIRM) |
| google — chrome | Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. | 2016-12-17 | 6.8 | CVE-2016-5185 (BID, CONFIRM, CONFIRM) |
| google — chrome | Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files. | 2016-12-17 | 6.8 | CVE-2016-5186 (BID, CONFIRM, CONFIRM) |
| google — chrome | Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | 2016-12-17 | 4.3 | CVE-2016-5187 (BID, CONFIRM, CONFIRM) |
| google — chrome | Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages. | 2016-12-17 | 4.3 | CVE-2016-5188 (BID, CONFIRM, CONFIRM) |
| google — chrome | Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | 2016-12-17 | 4.3 | CVE-2016-5189 (BID, CONFIRM, CONFIRM) |
| google — chrome | Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. | 2016-12-17 | 6.8 | CVE-2016-5190 (BID, CONFIRM, CONFIRM) |
| google — chrome | Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL. | 2016-12-17 | 4.3 | CVE-2016-5191 (BID, CONFIRM, CONFIRM, CONFIRM) |
| google — chrome | Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. | 2016-12-17 | 4.3 | CVE-2016-5192 (BID, CONFIRM, CONFIRM) |
| google — chrome | Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows opened by the DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages. | 2016-12-17 | 4.3 | CVE-2016-5193 (BID, CONFIRM, CONFIRM) |
| google — android | The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. The vulnerable system app gives a non-existent app the ability to read the notifications from the device, which a third-party app can utilize if it uses a package name of com.samsung.android.app.portalservicewidget. This vulnerability allows an unprivileged third-party app to obtain the text of the user’s notifications, which tend to contain personal data. | 2016-12-23 | 4.3 | CVE-2016-6910 (MISC) |
| horde — groupware | Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute. | 2016-12-20 | 4.3 | CVE-2016-5303 (MLIST, MLIST, BID, CONFIRM, CONFIRM) |
| image-info_project — image-info_for_perl | perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure. | 2016-12-22 | 5.8 | CVE-2016-9181 (MLIST, BID, miscellaneous) |
| joomla — joomla! | An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request. | 2016-12-16 | 5.0 | CVE-2016-9837 (BID, CONFIRM) |
| joomla — joomla! | An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user’s account and reset the user’s group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task. | 2016-12-16 | 5.0 | CVE-2016-9838 (BID, CONFIRM) |
| lynx — lynx | lynx: It was found that Lynx doesn’t parse the authority component of the URL correctly when the host name part ends with ‘?’, and could instead be tricked into connecting to a different host. | 2016-12-22 | 5.0 | CVE-2016-9179 (MLIST, BID) |
| microsoft — edge | Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka “Microsoft Edge Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-7280. | 2016-12-20 | 4.3 | CVE-2016-7206 (MS, BID, SECTRACK) |
| microsoft — windows_server_2008 | The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “GDI Information Disclosure Vulnerability.” | 2016-12-20 | 4.3 | CVE-2016-7257 (MS, MS, BID, SECTRACK, SECTRACK) |
| microsoft — excel | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka “Microsoft Office Security Feature Bypass Vulnerability.” | 2016-12-20 | 6.8 | CVE-2016-7262 (MS, BID, SECTRACK) |
| microsoft — excel_for_mac | Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka “Microsoft Office Information Disclosure Vulnerability.” | 2016-12-20 | 5.8 | CVE-2016-7264 (MS, BID, SECTRACK) |
| microsoft — excel | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka “Microsoft Office Information Disclosure Vulnerability.” | 2016-12-20 | 5.8 | CVE-2016-7265 (MS, BID, SECTRACK) |
| microsoft — excel | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka “Microsoft Office Security Feature Bypass Vulnerability.” | 2016-12-20 | 6.8 | CVE-2016-7266 (MS, BID, SECTRACK) |
| microsoft — excel | Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office Security Feature Bypass Vulnerability.” | 2016-12-20 | 4.3 | CVE-2016-7267 (MS, BID, SECTRACK) |
| microsoft — word_for_mac | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka “Microsoft Office Information Disclosure Vulnerability.” | 2016-12-20 | 5.8 | CVE-2016-7268 (MS, BID, SECTRACK) |
| microsoft — .net_framework | The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka “.NET Information Disclosure Vulnerability.” | 2016-12-20 | 5.0 | CVE-2016-7270 (MS, BID, SECTRACK) |
| microsoft — windows_10 | The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a crafted application, aka “Secure Kernel Mode Elevation of Privilege Vulnerability.” | 2016-12-20 | 4.6 | CVE-2016-7271 (MS, BID) |
| microsoft — office | Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka “Microsoft Office Information Disclosure Vulnerability.” | 2016-12-20 | 5.8 | CVE-2016-7276 (MS, BID, SECTRACK) |
| microsoft — edge | Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka “Microsoft Edge Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-7206. | 2016-12-20 | 4.3 | CVE-2016-7280 (MS, BID, SECTRACK) |
| microsoft — internet_explorer | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka “Microsoft Browser Information Disclosure Vulnerability.” | 2016-12-20 | 4.3 | CVE-2016-7282 (MS, MS, BID, SECTRACK) |
| microsoft — internet_explorer | Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “Internet Explorer Information Disclosure Vulnerability.” | 2016-12-20 | 4.3 | CVE-2016-7284 (MS, BID, SECTRACK) |
| microsoft — word_for_mac | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka “Microsoft Office Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-7291. | 2016-12-20 | 5.8 | CVE-2016-7290 (MS, BID, SECTRACK) |
| microsoft — word_for_mac | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka “Microsoft Office Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-7290. | 2016-12-20 | 5.8 | CVE-2016-7291 (MS, BID, SECTRACK) |
| microsoft — auto_updater_for_mac | Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka “Microsoft (MAU) Office Elevation of Privilege Vulnerability.” | 2016-12-20 | 4.6 | CVE-2016-7300 (MS, BID, SECTRACK) |
| netapp — snap_creator_framework | NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user. | 2016-12-21 | 5.0 | CVE-2016-7172 (BID, CONFIRM) |
| nvidia — gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure. | 2016-12-16 | 5.6 | CVE-2016-8820 (CONFIRM, BID) |
| nvidia — gpu_driver | All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a denial of service. | 2016-12-16 | 4.9 | CVE-2016-8826 (CONFIRM, BID) |
| nvidia — geforce_experience | NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack. | 2016-12-16 | 5.0 | CVE-2016-8827 |
CONFIRM
BID
openjpeg — openjpeg openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code. 2016-12-22 6.8 CVE-2016-9675
MLIST
BID
pivotal_software — greenplum An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have superuser ‘gpadmin’ access to the system or have been granted GPHDFS protocol permissions in order to create a GPHDFS external table. 2016-12-16 6.5 CVE-2016-6656
BID
CONFIRM
pivotal_software — cloud_foundry_elastic_runtime An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later. 2016-12-16 5.8 CVE-2016-6657
BID
CONFIRM
python-openxml — python-docx python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document. 2016-12-21 6.8 CVE-2016-5851
MLIST
MLIST
BID
CONFIRM
redhat — enterprise_linux_hpc_node sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. 2016-12-22 4.9 CVE-2016-7091
BID
MLIST
REDHAT
roundcube — webmail Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message. 2016-12-20 4.3 CVE-2016-4552
CONFIRM
CONFIRM
sap — solution_manager Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. 2016-12-19 5.0 CVE-2016-10005
BID
MISC
siemens — desigo_web_module_pxa40-w0_firmware Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key. 2016-12-23 5.0 CVE-2016-9154
BID
CONFIRM
siemens — simatic_s7-300_cpu_firmware A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions including V3.2.12) and SIMATIC S7-400 PN CPUs (all versions including V7) could allow a remote attacker to obtain credentials from the PLC if protection-level 2 is configured on the affected devices. 2016-12-16 4.3 CVE-2016-9159
BID
CONFIRM
MISC
siemens — simatic_wincc A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions. 2016-12-16 5.8 CVE-2016-9160
BID
CONFIRM
MISC
spip — spip SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL. 2016-12-16 4.3 CVE-2016-9997
BID
CONFIRM
spip — spip SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL. 2016-12-16 4.3 CVE-2016-9998
BID
CONFIRM
tiki — tikiwiki_cms/groupware Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don’t have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS. 2016-12-23 4.3 CVE-2016-9889
CONFIRM
xmltwig — xml-twig_for_perl perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option’s setting. 2016-12-22 6.4 CVE-2016-9180
MLIST
BID

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
microsoft — windows_server_2008 The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka “Windows Crypto Driver Information Disclosure Vulnerability.” 2016-12-20 2.1 CVE-2016-7219
MS
BID
SECTRACK
microsoft — windows_10 The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka “Windows Kernel Memory Address Information Disclosure Vulnerability.” 2016-12-20 2.1 CVE-2016-7258
MS
BID
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “Windows Hyperlink Object Library Information Disclosure Vulnerability.” 2016-12-20 2.6 CVE-2016-7278
MS
BID
SECTRACK
microsoft — internet_explorer The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka “Microsoft Browser Security Feature Bypass Vulnerability.” 2016-12-20 2.6 CVE-2016-7281
MS
MS
BID
SECTRACK
microsoft — windows_server_2016 The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information from process memory via a crafted application, aka “Windows Common Log File System Driver Information Disclosure Vulnerability.” 2016-12-20 2.1 CVE-2016-7295
MS
BID
pivotal_software — cloud_foundry Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider. 2016-12-23 2.6 CVE-2016-6659
CONFIRM
rapid7 — nexpose In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user’s browser context. 2016-12-20 3.5 CVE-2016-9757
BID
CONFIRM

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
fedora_project — kscreenlocker Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. 2016-12-23 not yet calculated CVE-2016-2312
FEDORA
FEDORA
MISC
MISC
CONFIRM
imagemagick_studio — imagemagick An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality. 2016-12-23 not yet calculated CVE-2016-8707
MISC
kde — kdesu A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. 2016-12-23 not yet calculated CVE-2016-7787
SUSE
SUSE
MLIST
BID
kde — kmail KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed. 2016-12-23 not yet calculated CVE-2016-7968
MLIST
BID
kde — kmail KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default, access to remote and local URLs was enabled. 2016-12-23 not yet calculated CVE-2016-7967
MLIST
BID
kde — kmail Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. It is, however, possible to include an HTML comment indicator to hide content. 2016-12-23 not yet calculated CVE-2016-7966
SUSE
DEBIAN
MLIST
BID
FEDORA
modx — revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles. 2016-12-24 not yet calculated CVE-2016-10039
CONFIRM
CONFIRM
modx — revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove. 2016-12-24 not yet calculated CVE-2016-10038
CONFIRM
CONFIRM
modx — revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist. 2016-12-24 not yet calculated CVE-2016-10037
CONFIRM
CONFIRM
owasp — antisamy In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS. 2016-12-24 not yet calculated CVE-2016-10006
CONFIRM
qemu — chardev_backend_support Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hot-plugging and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host, resulting in DoS. 2016-12-23 not yet calculated CVE-2016-9923
MLIST
BID
qemu — cirrus_CLGD_VGA_Emulator Quick Emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when the Cirrus graphics mode was set to VGA. A privileged user inside the guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. 2016-12-23 not yet calculated CVE-2016-9921
MLIST
BID
qemu — USB_EHCI_emulation_support Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. 2016-12-23 not yet calculated CVE-2016-9911
MLIST
BID
qemu — USB_redirector Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. 2016-12-23 not yet calculated CVE-2016-9907
MLIST
BID
qemu — virtio_gpu_device_emulator_support Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying a gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. 2016-12-23 not yet calculated CVE-2016-9912
MLIST
BID
qemu — virtio_GPU_device_emulator_support Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes. 2016-12-23 not yet calculated CVE-2016-9908
MLIST
BID
tarantool — msgpuck An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool’s Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer, resulting in a denial of service vulnerability. 2016-12-23 not yet calculated CVE-2016-9036
MISC
tarantool — xrow_header_decode_function An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. This can lead to an out of bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service on the server. 2016-12-23 not yet calculated CVE-2016-9037
MISC