SB17-023: Vulnerability Summary for the Week of January 16, 2017

Original release date: January 23, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — storm The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. 2017-01-13 10.0 CVE-2015-3188
MISC
BUGTRAQ
SECTRACK
artifex — mujs An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition. 2017-01-13 7.5 CVE-2016-10141
CONFIRM
CONFIRM
brocade — network_advisor A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. 2017-01-14 10.0 CVE-2016-8204
CONFIRM
brocade — network_advisor A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. 2017-01-14 10.0 CVE-2016-8205
CONFIRM
citrix — provisioning_services Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. 2017-01-18 7.5 CVE-2016-9676
BID
SECTRACK
CONFIRM
citrix — provisioning_services Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. 2017-01-18 7.5 CVE-2016-9678
BID
SECTRACK
CONFIRM
citrix — provisioning_services Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. 2017-01-18 7.5 CVE-2016-9679
BID
SECTRACK
CONFIRM
fedoraproject — fedora Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. 2017-01-13 7.5 CVE-2016-2090
MLIST
MISC
CONFIRM
CONFIRM
FEDORA
FEDORA
fedoraproject — fedora Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. 2017-01-19 7.2 CVE-2016-7543
MLIST
BID
FEDORA
FEDORA
FEDORA
MLIST
GENTOO
firejail — firejail Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. 2017-01-19 7.2 CVE-2016-9016
MLIST
MLIST
BID
google — android An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684. 2017-01-18 9.3 CVE-2014-9909
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710. 2017-01-18 7.6 CVE-2014-9910
BID
CONFIRM
graphicsmagick — graphicsmagick Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. 2017-01-18 7.5 CVE-2016-7996
MLIST
MLIST
BID
intelliants — subrion_cms includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. 2017-01-20 7.5 CVE-2017-5543
CONFIRM
metalgenix — genixcms SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. 2017-01-17 7.5 CVE-2017-5517
BID
CONFIRM
metalgenix — genixcms SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2017-01-17 7.5 CVE-2017-5519
BID
CONFIRM
netbsd — netbsd CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program. 2017-01-19 7.5 CVE-2015-8212
NETBSD
SECTRACK
netbsd — netbsd mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox. 2017-01-20 7.2 CVE-2016-6253
MISC
NETBSD
MISC
MISC
BID
SECTRACK
EXPLOIT-DB
EXPLOIT-DB
ntp — ntp ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. 2017-01-13 7.1 CVE-2016-9311
CONFIRM
CONFIRM
CONFIRM
BID
CERT-VN
samsung — samsung_mobile The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. 2017-01-18 9.3 CVE-2016-6526
CONFIRM
MLIST
BID
samsung — samsung_mobile The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. 2017-01-18 9.3 CVE-2016-6527
CONFIRM
MLIST
BID
selinux_project — selinux SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. 2017-01-19 7.2 CVE-2016-7545
REDHAT
MLIST
BID
CONFIRM
FEDORA
MLIST
sociomantic — git-hub sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name. 2017-01-19 7.5 CVE-2016-7794
MLIST
BID
CONFIRM


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — groovy main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods. 2017-01-18 5.0 CVE-2016-6497
CONFIRM
MLIST
MISC
artifex — mujs The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input. 2017-01-18 5.0 CVE-2016-7563
MLIST
MLIST
CONFIRM
artifex — mujs Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input. 2017-01-18 5.0 CVE-2016-7564
MLIST
MLIST
CONFIRM
artifex — mujs Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-7563. 2017-01-18 5.0 CVE-2016-9109
MLIST
MLIST
MLIST
BID
CONFIRM
atlassian — confluence Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. 2017-01-18 4.3 CVE-2016-6283
MISC
FULLDISC
FULLDISC
BID
EXPLOIT-DB
b2evolution — b2evolution Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function. 2017-01-18 4.3 CVE-2016-7149
MLIST
MLIST
BID
CONFIRM
b2evolution — b2evolution Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter. 2017-01-15 5.5 CVE-2017-5480
BID
CONFIRM
CONFIRM
blackberry — enterprise_service A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES. 2017-01-13 6.4 CVE-2016-3128
CONFIRM
BID
SECTRACK
blackberry — enterprise_service An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt. 2017-01-13 4.3 CVE-2016-3130
CONFIRM
SECTRACK
blackberry — vapp A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link. 2017-01-13 4.3 CVE-2017-3890
CONFIRM
BID
brocade — network_advisor A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files. 2017-01-14 6.4 CVE-2016-8206
CONFIRM
brocade — network_advisor A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information. 2017-01-14 5.0 CVE-2016-8207
CONFIRM
brocade — virtual_traffic_manager A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. 2017-01-14 6.0 CVE-2016-8201
CONFIRM
bzrtp_project — bzrtp The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception. 2017-01-18 5.0 CVE-2016-6271
CONFIRM
ca — service_desk_management RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. 2017-01-18 5.5 CVE-2016-10086
BID
SECTRACK
CONFIRM
citrix — provisioning_services Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. 2017-01-18 5.0 CVE-2016-9677
BID
SECTRACK
CONFIRM
citrix — provisioning_services Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors. 2017-01-18 5.0 CVE-2016-9680
BID
SECTRACK
CONFIRM
cloud_foundry — capi-release An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog. 2017-01-13 5.0 CVE-2016-9882
BID
CONFIRM
cmsmadesimple — cms_made_simple Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request. 2017-01-16 6.0 CVE-2016-7904
MISC
MISC
BID
exponentcms — exponent_cms Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. 2017-01-18 4.3 CVE-2015-8667
CONFIRM
MISC
exponentcms — exponent_cms Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality. 2017-01-18 4.3 CVE-2015-8684
CONFIRM
MISC
foxitsoftware — foxit_pdf_toolkit Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an attacker to cause Denial of Service and Remote Code Execution when the victim opens the specially crafted PDF file. The Vulnerability has been fixed in v2.0. 2017-01-13 6.8 CVE-2017-5364
CONFIRM
google — android An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784. 2017-01-13 4.9 CVE-2016-8467
BID
MISC
CONFIRM
google — android An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664. 2017-01-13 4.3 CVE-2017-0398
BID
CONFIRM
google — chrome The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page. 2017-01-19 6.8 CVE-2016-5196
BID
CONFIRM
CONFIRM
google — chrome The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page. 2017-01-19 6.8 CVE-2016-5197
BID
CONFIRM
CONFIRM
google — chrome V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page. 2017-01-19 6.8 CVE-2016-5198
BID
CONFIRM
CONFIRM
google — chrome An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file. 2017-01-19 6.8 CVE-2016-5199
BID
CONFIRM
CONFIRM
google — chrome V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2017-01-19 6.8 CVE-2016-5200
BID
CONFIRM
CONFIRM
google — chrome A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page. 2017-01-19 4.3 CVE-2016-5201
BID
CONFIRM
CONFIRM
google — chrome A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2017-01-19 6.8 CVE-2016-5203
BID
CONFIRM
CONFIRM
google — chrome Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 2017-01-19 4.3 CVE-2016-5204
BID
CONFIRM
CONFIRM
google — chrome Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 2017-01-19 4.3 CVE-2016-5205
BID
CONFIRM
CONFIRM
google — chrome The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. 2017-01-19 6.8 CVE-2016-5206
BID
CONFIRM
CONFIRM
google — chrome In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page. 2017-01-19 4.3 CVE-2016-5207
BID
CONFIRM
CONFIRM
google — chrome Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 2017-01-19 4.3 CVE-2016-5208
BID
CONFIRM
CONFIRM
google — chrome Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2017-01-19 6.8 CVE-2016-5209
BID
CONFIRM
CONFIRM
google — chrome Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2017-01-19 6.8 CVE-2016-5210
BID
CONFIRM
CONFIRM
google — chrome A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2017-01-19 6.8 CVE-2016-5211
BID
CONFIRM
CONFIRM
google — chrome Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page. 2017-01-19 4.3 CVE-2016-5212
BID
CONFIRM
CONFIRM
google — chrome A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2017-01-19 6.8 CVE-2016-5213
BID
CONFIRM
CONFIRM
google — chrome Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page. 2017-01-19 4.3 CVE-2016-5214
BID
CONFIRM
CONFIRM
google — chrome A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2017-01-19 6.8 CVE-2016-5215
BID
CONFIRM
CONFIRM
google — chrome A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. 2017-01-19 6.8 CVE-2016-5216
BID
CONFIRM
CONFIRM
google — chrome The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page. 2017-01-19 4.3 CVE-2016-5217
BID
CONFIRM
CONFIRM
google — chrome The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data. 2017-01-19 4.3 CVE-2016-5218
BID
CONFIRM
CONFIRM
google — chrome A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2017-01-19 6.8 CVE-2016-5219
BID
CONFIRM
CONFIRM
google — chrome PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file. 2017-01-19 4.3 CVE-2016-5220
BID
CONFIRM
CONFIRM
google — chrome Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page. 2017-01-19 6.8 CVE-2016-5221
BID
CONFIRM
CONFIRM
google — chrome Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2017-01-19 4.3 CVE-2016-5222
BID
CONFIRM
CONFIRM
google — chrome Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file. 2017-01-19 4.3 CVE-2016-5223
BID
CONFIRM
CONFIRM
google — chrome A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. 2017-01-19 4.3 CVE-2016-5224
BID
CONFIRM
CONFIRM
google — chrome Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page. 2017-01-19 4.3 CVE-2016-5225
BID
CONFIRM
CONFIRM
google — chrome Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. 2017-01-19 4.3 CVE-2016-5226
BID
CONFIRM
CONFIRM
google — chrome Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page. 2017-01-19 4.3 CVE-2016-9650
BID
CONFIRM
CONFIRM
graphicsmagick — graphicsmagick The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. 2017-01-18 5.0 CVE-2016-7997
MLIST
MLIST
BID
gstreamer — gstreamer The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. 2017-01-13 4.3 CVE-2016-9807
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
gstreamer — gstreamer The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. 2017-01-13 5.0 CVE-2016-9808
MLIST
MLIST
BID
CONFIRM
MISC
gstreamer — gstreamer Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. 2017-01-13 6.8 CVE-2016-9809
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. 2017-01-13 4.3 CVE-2016-9810
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. 2017-01-13 4.3 CVE-2016-9811
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. 2017-01-13 5.0 CVE-2016-9812
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. 2017-01-13 4.3 CVE-2016-9813
MLIST
MLIST
BID
CONFIRM
CONFIRM
hexchat_project — hexchat Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. 2017-01-18 6.8 CVE-2016-2087
MISC
EXPLOIT-DB
hexchat_project — hexchat Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message. 2017-01-18 5.0 CVE-2016-2233
MISC
EXPLOIT-DB
ietf — ipv6 An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic. 2017-01-14 5.0 CVE-2016-10142
MISC
MISC
imagemagick — imagemagick Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. 2017-01-18 5.0 CVE-2016-6823
MLIST
BID
CONFIRM
CONFIRM
imagemagick — imagemagick The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. 2017-01-18 4.3 CVE-2016-7101
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 2017-01-18 4.3 CVE-2016-7799
MLIST
MLIST
BID
CONFIRM
CONFIRM
imagemagick — imagemagick magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file. 2017-01-18 4.3 CVE-2016-7906
MLIST
MLIST
BID
CONFIRM
CONFIRM
jasper_project — jasper The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. 2017-01-13 4.3 CVE-2016-8882
MLIST
MLIST
CONFIRM
jasper_project — jasper The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. 2017-01-13 4.3 CVE-2016-8883
MLIST
MLIST
CONFIRM
jcraft — jsch Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a .. (dot dot backslash) in a response to a recursive GET command. 2017-01-19 4.3 CVE-2016-5725
MISC
FULLDISC
CONFIRM
BID
MISC
EXPLOIT-DB
lg — lg_mobile An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent filter, are not protected by a custom permission, and do not explicitly set the android:exported attribute to false. Therefore, these components are exported by default and are thus accessible to any third party application by using android.content.Intent object for communication. These application components can be used to start and stop the logs using Intent objects with embedded data. The available logs are the GPS log, modem log, network log, and mobile log. The base directory that contains the directories for the 4 types of logs is /sdcard/mtklog which makes them accessible to apps that require the READ_EXTERNAL_STORAGE permission. The GPS log contains the GPS coordinates of the user as well as a timestamp for the coordinates. The modem log contains AT commands and their parameters which allow the user’s outgoing and incoming calls and text messages to be obtained. The network log is a tcpdump network capture. The mobile log contains the Android log, which is not available to third-party apps as of Android 4.1. The LG ID is LVE-SMP-160019. 2017-01-13 4.3 CVE-2016-10135
MISC
libical_project — libical libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. 2017-01-18 6.4 CVE-2016-9584
MLIST
BID
libtiff — libtiff Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff. 2017-01-20 4.3 CVE-2016-5318
MLIST
MLIST
BID
libtiff — libtiff Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. 2017-01-20 4.3 CVE-2016-5319
MLIST
MLIST
BID
libtiff — libtiff tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. 2017-01-18 4.3 CVE-2016-9273
CONFIRM
MLIST
MLIST
BID
libtiff — libtiff The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. 2017-01-18 5.0 CVE-2016-9297
CONFIRM
MLIST
MLIST
BID
liferay — liferay_portal Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. 2017-01-13 6.5 CVE-2010-5327
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5). 2017-01-18 4.9 CVE-2016-10147
CONFIRM
MLIST
CONFIRM
MLIST
CONFIRM
CONFIRM
matrixssl — matrixssl The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation. 2017-01-13 5.0 CVE-2016-6885
CONFIRM
MISC
matrixssl — matrixssl The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key’s modulus for the secret key during RSA key exchange. 2017-01-13 5.0 CVE-2016-6886
CONFIRM
BID
MISC
matrixssl — matrixssl The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack. 2017-01-13 4.3 CVE-2016-6887
CONFIRM
MISC
matrixssl — matrixssl The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887. 2017-01-13 4.3 CVE-2016-8671
MLIST
MLIST
BID
MISC
metalgenix — genixcms Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters. 2017-01-17 4.3 CVE-2017-5516
BID
CONFIRM
metalgenix — genixcms The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. 2017-01-17 4.3 CVE-2017-5518
BID
CONFIRM
metalgenix — genixcms The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. 2017-01-17 6.5 CVE-2017-5520
BID
CONFIRM
moodle — moodle In Moodle 3.x, glossary search displays entries without checking user permissions to view them. 2017-01-20 5.0 CVE-2016-5012
CONFIRM
moodle — moodle In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. 2017-01-20 5.8 CVE-2016-5013
CONFIRM
moodle — moodle In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. 2017-01-20 5.8 CVE-2016-5014
CONFIRM
moodle — moodle In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. 2017-01-20 5.0 CVE-2016-7038
CONFIRM
moodle — moodle In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. 2017-01-20 5.0 CVE-2016-8642
CONFIRM
moodle — moodle In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. 2017-01-20 4.0 CVE-2016-8643
CONFIRM
moodle — moodle In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. 2017-01-20 5.0 CVE-2016-8644
CONFIRM
moodle — moodle In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. 2017-01-20 5.0 CVE-2017-2576
CONFIRM
moodle — moodle In Moodle 3.x, there is XSS in the assignment submission page. 2017-01-20 4.3 CVE-2017-2578
CONFIRM
novell — opensuse The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. 2017-01-20 4.3 CVE-2016-5321
SUSE
ntop — ntop Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua. 2017-01-14 6.8 CVE-2017-5473
CONFIRM
CONFIRM
ntp — ntp NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. 2017-01-13 4.3 CVE-2016-7426
CONFIRM
CONFIRM
CONFIRM
BID
CERT-VN
ntp — ntp NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. 2017-01-13 4.3 CVE-2016-7429
CONFIRM
CONFIRM
CONFIRM
BID
CERT-VN
ntp — ntp NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. 2017-01-13 5.0 CVE-2016-7431
CONFIRM
CONFIRM
CONFIRM
BID
CERT-VN
ntp — ntp NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to have an unspecified impact via unknown vectors, related to a “root distance that did not include the peer dispersion.” 2017-01-13 5.0 CVE-2016-7433
CONFIRM
CONFIRM
CONFIRM
BID
CERT-VN
ntp — ntp The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. 2017-01-13 5.0 CVE-2016-7434
CONFIRM
CONFIRM
CONFIRM
BID
CERT-VN
ntp — ntp The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. 2017-01-13 6.4 CVE-2016-9310
CONFIRM
CONFIRM
CONFIRM
BID
CERT-VN
ntp — ntp ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. 2017-01-13 5.0 CVE-2016-9312
CONFIRM
CONFIRM
CONFIRM
BID
CERT-VN
opensuse_project — opensuse Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool. 2017-01-20 4.3 CVE-2016-5316
SUSE
SUSE
SUSE
MLIST
opensuse_project — opensuse Buffer overflow in the PixarLogDecode function in libtiff.so in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service (crash) via a crafted TIFF file. 2017-01-20 4.3 CVE-2016-5317
SUSE
SUSE
SUSE
MLIST
MLIST
opensuse_project — opensuse The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. 2017-01-20 5.0 CVE-2016-5323
SUSE
MLIST
otr — gajim-otr The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors. 2017-01-13 5.0 CVE-2016-9107
MLIST
MLIST
BID
CONFIRM
CONFIRM
s9y — serendipity Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. 2017-01-14 5.8 CVE-2017-5474
CONFIRM
s9y — serendipity comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. 2017-01-14 6.8 CVE-2017-5475
CONFIRM
s9y — serendipity Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. 2017-01-14 6.8 CVE-2017-5476
CONFIRM
samsung — exynos_fimg2d_driver The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. 2017-01-18 4.9 CVE-2016-9278
CONFIRM
MLIST
MLIST
BID
samsung — exynos_fimg2d_driver Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. 2017-01-18 5.0 CVE-2016-9279
CONFIRM
MLIST
MLIST
BID
sociomantic — git-hub sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL. 2017-01-19 6.8 CVE-2016-7793
MLIST
BID
CONFIRM
spip — spip Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code. 2017-01-18 6.8 CVE-2016-7980
MLIST
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
spip — spip Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. 2017-01-18 4.3 CVE-2016-7981
MLIST
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
spip — spip Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action. 2017-01-18 5.0 CVE-2016-7982
MLIST
MLIST
MLIST
BID
CONFIRM
spip — spip The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action. 2017-01-18 6.5 CVE-2016-7998
MLIST
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
spip — spip ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. 2017-01-18 4.3 CVE-2016-7999
MLIST
MLIST
MLIST
MLIST
BID
CONFIRM
CONFIRM
symphony-cms — symphony_cms Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters. 2017-01-20 5.0 CVE-2017-5541
CONFIRM
CONFIRM
symphony-cms — symphony_cms Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter. 2017-01-20 4.3 CVE-2017-5542
CONFIRM
CONFIRM
tiki — tikiwiki_cms/groupware A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. 2017-01-20 5.0 CVE-2016-10143
CONFIRM
CONFIRM
tqdm_project — tqdm The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory. 2017-01-19 4.6 CVE-2016-10075
MLIST
BID
MISC
unrealircd — unrealircd The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. 2017-01-18 6.8 CVE-2016-7144
MLIST
MLIST
BID
CONFIRM
CONFIRM
viprinet — multichannel_vpn_router_300_firmware Multiple cross-site scripting (XSS) vulnerabilities in the ‘old’ and ‘new’ interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool. 2017-01-20 4.3 CVE-2014-2045
MISC
FULLDISC
BUGTRAQ
EXPLOIT-DB
MISC
viprinet — multichannel_vpn_router_300_firmware The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint’s SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. 2017-01-20 4.3 CVE-2014-9754
MISC
FULLDISC
BUGTRAQ
viprinet — multichannel_vpn_router_300_firmware The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint’s SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack. 2017-01-20 5.0 CVE-2014-9755
MISC
FULLDISC
BUGTRAQ
w3m_project — w3m The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to tags. 2017-01-20 4.3 CVE-2016-9435
SUSE
MLIST
BID
CONFIRM
MISC
GENTOO
w3m_project — w3m parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag. 2017-01-20 4.3 CVE-2016-9436
SUSE
MLIST
BID
CONFIRM
MISC
GENTOO
wordpress — wordpress The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. 2017-01-18 4.0 CVE-2016-10148
MLIST
CONFIRM
CONFIRM
MISC
wordpress — wordpress Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool. 2017-01-18 5.5 CVE-2016-6896
MLIST
MISC
wordpress — wordpress Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896. 2017-01-18 4.3 CVE-2016-6897
MLIST
BID
CONFIRM
MISC
wordpress — wordpress wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. 2017-01-14 5.0 CVE-2017-5487
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
MISC
wordpress — wordpress Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin. 2017-01-14 4.3 CVE-2017-5488
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
wordpress — wordpress Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. 2017-01-14 6.8 CVE-2017-5489
MLIST
BID
CONFIRM
CONFIRM
wordpress — wordpress Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php. 2017-01-14 4.3 CVE-2017-5490
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
MISC
wordpress — wordpress wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. 2017-01-14 5.0 CVE-2017-5491
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
wordpress — wordpress Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php. 2017-01-14 6.8 CVE-2017-5492
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
wordpress — wordpress wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup. 2017-01-14 5.0 CVE-2017-5493
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810. 2017-01-18 4.0 CVE-2016-3401
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167. 2017-01-18 5.0 CVE-2016-3402
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959. 2017-01-18 5.0 CVE-2016-3404
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828. 2017-01-18 5.0 CVE-2016-3405
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456. 2017-01-18 6.8 CVE-2016-3406
CONFIRM
CONFIRM
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175. 2017-01-18 4.3 CVE-2016-3407
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813. 2017-01-18 4.3 CVE-2016-3408
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637. 2017-01-18 4.3 CVE-2016-3409
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839. 2017-01-18 4.3 CVE-2016-3410
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609. 2017-01-18 4.3 CVE-2016-3411
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791. 2017-01-18 4.3 CVE-2016-3412
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996. 2017-01-18 5.0 CVE-2016-3413
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029. 2017-01-18 4.0 CVE-2016-3414
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276. 2017-01-18 6.4 CVE-2016-3415
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703. 2017-01-18 4.3 CVE-2016-3999
CONFIRM
CONFIRM
zimbra — zimbra_collaboration_suite Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477. 2017-01-18 4.3 CVE-2016-4019
CONFIRM
CONFIRM
zoneminder — zoneminder Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30.0, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server. 2017-01-13 5.0 CVE-2016-10140
CONFIRM


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
b2evolution — b2evolution Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name. 2017-01-18 3.5 CVE-2016-7150
MLIST
MLIST
BID
CONFIRM
b2evolution — b2evolution Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame. 2017-01-15 3.5 CVE-2017-5494
BID
CONFIRM
CONFIRM
info-zip — unzip Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. 2017-01-18 2.1 CVE-2014-9913
MLIST
MLIST
MLIST
MLIST
BID
CONFIRM
info-zip — unzip Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. 2017-01-18 2.1 CVE-2016-9844
MLIST
MLIST
MLIST
BID
CONFIRM
linux — linux_kernel arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. 2017-01-14 3.6 CVE-2017-2584
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
metalgenix — genixcms Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. 2017-01-17 3.5 CVE-2017-5515
BID
CONFIRM
ntp — ntp The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. 2017-01-13 3.3 CVE-2016-7427
CONFIRM
CONFIRM
CONFIRM
BID
CERT-VN
ntp — ntp ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. 2017-01-13 3.3 CVE-2016-7428
CONFIRM
CONFIRM
CONFIRM
BID
CERT-VN
phpmailer_project — phpmailer An issue was discovered in PHPMailer before 5.2.22. PHPMailer’s msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory. 2017-01-16 2.1 CVE-2017-5223
MISC
BID
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
libimobiledevice — libplist The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. 2017-01-20 not yet calculated CVE-2017-5545
CONFIRM
CONFIRM
netgear — routers An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions. 2017-01-17 not yet calculated CVE-2017-5521
CONFIRM
BID