SB17-044: Vulnerability Summary for the Week of February 6, 2017

Original release date: February 13, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
dotnetnuke — dotnetnuke The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx. 2017-02-06 7.5 CVE-2015-2794
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, EXPLOIT-DB
exponentcms — exponent_cms Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action. 2017-02-07 7.5 CVE-2016-7400
Source & Patch Info: MLIST, MLIST, BID, CONFIRM, CONFIRM
exponentcms — exponent_cms An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by unauthenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src. 2017-02-06 7.5 CVE-2017-5879
Source & Patch Info: BID, MISC
google — android Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. 2017-02-07 7.2 CVE-2014-9914
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, BID, CONFIRM
google — android The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. 2017-02-07 7.2 CVE-2016-10044
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, BID, CONFIRM
google — android A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457. 2017-02-08 10.0 CVE-2016-8418
Source & Patch Info: BID, CONFIRM
google — android A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359. 2017-02-08 9.3 CVE-2017-0405
Source & Patch Info: BID, CONFIRM
google — android A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871. 2017-02-08 9.3 CVE-2017-0406
Source & Patch Info: BID, CONFIRM
google — android A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375. 2017-02-08 9.3 CVE-2017-0407
Source & Patch Info: BID, CONFIRM
google — android An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31929765. 2017-02-08 9.3 CVE-2017-0410
Source & Patch Info: BID, CONFIRM
google — android An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33042690. 2017-02-08 9.3 CVE-2017-0411
Source & Patch Info: BID, CONFIRM
google — android An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926. 2017-02-08 9.3 CVE-2017-0412
Source & Patch Info: BID, CONFIRM
google — android An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32706020. 2017-02-08 9.3 CVE-2017-0415
Source & Patch Info: BID, CONFIRM
google — android An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32886609. 2017-02-08 9.3 CVE-2017-0416
Source & Patch Info: BID, CONFIRM
google — android An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705438. 2017-02-08 9.3 CVE-2017-0417
Source & Patch Info: BID, CONFIRM
google — android An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32703959. 2017-02-08 9.3 CVE-2017-0418
Source & Patch Info: BID, CONFIRM
google — android An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32220769. 2017-02-08 9.3 CVE-2017-0419
Source & Patch Info: BID, CONFIRM
google — android A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322088. 2017-02-08 7.8 CVE-2017-0422
Source & Patch Info: BID, CONFIRM
google — android An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33001936. 2017-02-08 7.6 CVE-2017-0434
Source & Patch Info: BID, CONFIRM
google — android An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32769717. 2017-02-08 7.6 CVE-2017-0445
Source & Patch Info: BID, CONFIRM
google — android An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32917445. 2017-02-08 7.6 CVE-2017-0446
Source & Patch Info: BID, CONFIRM
google — android An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32919560. 2017-02-08 7.6 CVE-2017-0447
Source & Patch Info: BID, CONFIRM
google — android An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it is mitigated by current platform configurations. Product: Android. Versions: N/A. Android ID: A-32917432. 2017-02-08 9.3 CVE-2017-0450
Source & Patch Info: BID, CONFIRM
graphicsmagick — graphicsmagick Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317. 2017-02-06 7.5 CVE-2016-7446
Source & Patch Info: SUSE, SUSE, MLIST, BID, CONFIRM
graphicsmagick — graphicsmagick Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. 2017-02-06 7.5 CVE-2016-7447
Source & Patch Info: SUSE, SUSE, MLIST, BID, CONFIRM
graphicsmagick — graphicsmagick The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size. 2017-02-06 7.8 CVE-2016-7448
Source & Patch Info: SUSE, SUSE, MLIST, BID, CONFIRM
libwebp_project — libwebp Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors. 2017-02-03 7.5 CVE-2016-9085
Source & Patch Info: MLIST, BID, CONFIRM, CONFIRM, FEDORA, FEDORA, FEDORA, GENTOO
linux — linux_kernel Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device. 2017-02-06 10.0 CVE-2016-10150
Source & Patch Info: CONFIRM, CONFIRM, MLIST, BID, CONFIRM, CONFIRM
linux — linux_kernel The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code. 2017-02-06 7.2 CVE-2016-10153
Source & Patch Info: CONFIRM, CONFIRM, MLIST, BID, CONFIRM, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209. 2017-02-08 7.6 CVE-2016-8419
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807. 2017-02-08 7.6 CVE-2016-8420
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797. 2017-02-08 7.6 CVE-2016-8421
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940. 2017-02-08 7.6 CVE-2016-8476
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186. 2017-02-08 7.6 CVE-2016-8480
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000. 2017-02-08 7.6 CVE-2016-8481
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866. 2017-02-08 9.3 CVE-2017-0427
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32401526. References: N-CVE-2017-0428. 2017-02-08 9.3 CVE-2017-0428
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32636619. References: N-CVE-2017-0429. 2017-02-08 9.3 CVE-2017-0429
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32838767. References: B-RB#107459. 2017-02-08 9.3 CVE-2017-0430
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-28332719. 2017-02-08 7.6 CVE-2017-0432
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913571. 2017-02-08 7.6 CVE-2017-0433
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906657. References: QC-CR#1078000. 2017-02-08 7.6 CVE-2017-0435
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32624661. References: QC-CR#1078000. 2017-02-08 7.6 CVE-2017-0436
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402310. References: QC-CR#1092497. 2017-02-08 7.6 CVE-2017-0437
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402604. References: QC-CR#1092497. 2017-02-08 7.6 CVE-2017-0438
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32450647. References: QC-CR#1092059. 2017-02-08 7.6 CVE-2017-0439
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33252788. References: QC-CR#1095770. 2017-02-08 7.6 CVE-2017-0440
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32872662. References: QC-CR#1095009. 2017-02-08 7.6 CVE-2017-0441
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32871330. References: QC-CR#1092497. 2017-02-08 7.6 CVE-2017-0442
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877494. References: QC-CR#1092497. 2017-02-08 7.6 CVE-2017-0443
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Realtek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32705232. 2017-02-08 7.6 CVE-2017-0444
Source & Patch Info: BID, CONFIRM
linux — linux_kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10. Android ID: A-31707909. References: B-RB#32094. 2017-02-08 7.6 CVE-2017-0449
Source & Patch Info: BID, CONFIRM
linux — linux_kernel The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number. 2017-02-06 7.2 CVE-2017-5546
Source & Patch Info: CONFIRM, CONFIRM, MLIST, BID, CONFIRM, CONFIRM
linux — linux_kernel drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. 2017-02-06 7.2 CVE-2017-5547
Source & Patch Info: CONFIRM, CONFIRM, MLIST, BID, CONFIRM, CONFIRM
linux — linux_kernel drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. 2017-02-06 7.2 CVE-2017-5548
Source & Patch Info: CONFIRM, CONFIRM, MLIST, BID, CONFIRM, CONFIRM
linux — linux_kernel Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call. 2017-02-06 7.2 CVE-2017-5576
Source & Patch Info: CONFIRM, CONFIRM, MLIST, BID, CONFIRM, CONFIRM, MLIST
msweet — mini-xml The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via a crafted XML file. 2017-02-03 7.1 CVE-2016-4570
Source & Patch Info: MLIST, MLIST, BID, CONFIRM
msweet — mini-xml The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via a crafted XML file. 2017-02-03 7.1 CVE-2016-4571
Source & Patch Info: MLIST, MLIST, BID, CONFIRM
saltstack — salt Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. 2017-02-07 7.5 CVE-2016-9639
Source & Patch Info: MLIST, MLIST, BID, CONFIRM
sendquick — avera_sms_gateway_firmware An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple command injection vulnerabilities allow attackers to execute arbitrary system commands. 2017-02-05 7.5 CVE-2016-10098
Source & Patch Info: BID, MISC
sendquick — avera_sms_gateway_firmware An issue was discovered on SendQuick Entera and Avera devices before 2HF16. The application failed to check the access control of the request, which could result in an attacker being able to shut down the system. 2017-02-05 7.8 CVE-2017-5136
Source & Patch Info: BID, MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cairographics — cairo Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. 2017-02-03 4.3 CVE-2016-9082
Source & Patch Info: MLIST, BID, CONFIRM, CONFIRM, CONFIRM
cisco — firepower_management_center A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0.1 6.2.0. 2017-02-03 5.0 CVE-2017-3809
Source & Patch Info: BID, CONFIRM
cisco — firepower_management_center A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance’s ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0. 2017-02-03 5.0 CVE-2017-3814
Source & Patch Info: BID, CONFIRM
cisco — prime_service_catalog A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. More Information: CSCvb21745. Known Affected Releases: 10.0_R2_tanggula. 2017-02-03 4.9 CVE-2017-3810
Source & Patch Info: BID, CONFIRM
debian — debian_linux The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. 2017-02-03 5.8 CVE-2016-10165
Source & Patch Info: SUSE, DEBIAN, MLIST, MLIST, BID, CONFIRM
debian — debian_linux Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. 2017-02-06 4.3 CVE-2016-9532
Source & Patch Info: CONFIRM, DEBIAN, MLIST, MLIST, MLIST, BID, CONFIRM, GENTOO
dotcms — dotcms XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter. 2017-02-06 4.3 CVE-2017-5876
Source & Patch Info: BID, MISC
dotcms — dotcms XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter. 2017-02-06 4.3 CVE-2017-5877
Source & Patch Info: BID, MISC
fedoraproject — fedora Heap-based buffer overflow in the color_cmyk_to_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. 2017-02-03 4.3 CVE-2016-4796
Source & Patch Info: MLIST, CONFIRM, CONFIRM, CONFIRM, FEDORA, FEDORA, FEDORA, FEDORA
fedoraproject — fedora Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947. 2017-02-03 4.3 CVE-2016-4797
Source & Patch Info: MLIST, CONFIRM, CONFIRM, MISC, FEDORA, FEDORA, FEDORA, FEDORA
fedoraproject — fedora The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. 2017-02-03 4.3 CVE-2016-8568
Source & Patch Info: SUSE, SUSE, SUSE, SUSE, MLIST, BID, CONFIRM, CONFIRM, CONFIRM, FEDORA, FEDORA, FEDORA
fedoraproject — fedora The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. 2017-02-03 4.3 CVE-2016-8569
Source & Patch Info: SUSE, SUSE, SUSE, SUSE, MLIST, BID, CONFIRM, CONFIRM, CONFIRM, FEDORA, FEDORA, FEDORA
fedoraproject — fedora Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. 2017-02-03 5.0 CVE-2016-9108
Source & Patch Info: MLIST, BID, CONFIRM, FEDORA, FEDORA, FEDORA
gnome — librsvg The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. 2017-02-03 4.3 CVE-2016-6163
Source & Patch Info: MLIST, MLIST, CONFIRM
gnu — libiberty The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. 2017-02-07 5.0 CVE-2016-6131
Source & Patch Info: MLIST, MLIST, BID, CONFIRM, MLIST
google — android A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-32769670. 2017-02-08 6.8 CVE-2017-0408
Source & Patch Info: BID, CONFIRM
google — android A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646. 2017-02-08 6.8 CVE-2017-0409
Source & Patch Info: BID, CONFIRM
google — android An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610. 2017-02-08 4.3 CVE-2017-0413
BID
CONFIRM
google — android An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795. 2017-02-08 4.3 CVE-2017-0414
BID
CONFIRM
google — android An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212. 2017-02-08 4.3 CVE-2017-0420
BID
CONFIRM
google — android An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637. 2017-02-08 4.3 CVE-2017-0421
BID
CONFIRM
google — android An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a specially crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450. 2017-02-08 4.3 CVE-2017-0424
BID
CONFIRM
google — android An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32720785. 2017-02-08 4.3 CVE-2017-0425
BID
CONFIRM
google — android An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32799236. 2017-02-08 4.3 CVE-2017-0426
BID
CONFIRM
graphicsmagick — graphicsmagick The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an “unterminated” string. 2017-02-06 5.0 CVE-2016-7449
SUSE
SUSE
MLIST
BID
CONFIRM
graphicsmagick — graphicsmagick Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. 2017-02-06 5.0 CVE-2016-7800
SUSE
SUSE
DEBIAN
MLIST
BID
CONFIRM
CONFIRM
ibm — connections IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. 2017-02-08 4.0 CVE-2016-0307
CONFIRM
BID
ibm — connections IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. 2017-02-08 4.0 CVE-2016-0308
CONFIRM
BID
ibm — security_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data. 2017-02-07 4.0 CVE-2016-6094
CONFIRM
BID
ibm — security_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2017-02-07 4.3 CVE-2016-6096
CONFIRM
BID
libavformat_project — libavformat Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file. 2017-02-03 4.3 CVE-2016-4352
MLIST
CONFIRM
libavformat_project — libavformat The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. 2017-02-03 4.3 CVE-2016-5115
MLIST
CONFIRM
libtiff — libtiff Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file. 2017-02-06 4.3 CVE-2016-5102
CONFIRM
BID
CONFIRM
GENTOO
linux — linux_kernel include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group. 2017-02-06 4.9 CVE-2010-5328
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist. 2017-02-06 4.9 CVE-2016-10154
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
linux — linux_kernel The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image. 2017-02-06 4.9 CVE-2016-10208
CONFIRM
FULLDISC
MLIST
BID
CONFIRM
CONFIRM
linux — linux_kernel An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448. 2017-02-08 4.3 CVE-2017-0448
BID
CONFIRM
linux — linux_kernel The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a “MOV SS, NULL selector” instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. 2017-02-06 4.6 CVE-2017-2583
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
linux — linux_kernel The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references. 2017-02-06 4.9 CVE-2017-2596
MLIST
BID
CONFIRM
linux — linux_kernel The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call. 2017-02-06 4.9 CVE-2017-5577
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
MLIST
netapp — snap_creator_framework Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. 2017-02-07 6.8 CVE-2016-5372
CONFIRM
openafs — openafs OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses. 2017-02-06 5.0 CVE-2016-9772
MLIST
BID
CONFIRM
openjpeg — openjpeg The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file. 2017-02-03 4.3 CVE-2016-3183
MLIST
CONFIRM
CONFIRM
CONFIRM
FEDORA
FEDORA
FEDORA
FEDORA
GENTOO
opensuse_project — opensuse magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. 2017-02-03 4.3 CVE-2016-5241
SUSE
SUSE
CONFIRM
MLIST
MLIST
BID
CONFIRM
plone — plone Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140. 2017-02-04 4.3 CVE-2016-7147
BID
MISC
MISC
MISC
sanadata — sanacms Cross-site scripting (XSS) vulnerability in index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. 2017-02-04 4.3 CVE-2017-5882
BID
MISC
sendquick — avera_sms_gateway_firmware An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An unauthenticated attacker could request and download the SMS logs. 2017-02-05 5.0 CVE-2017-5137
BID
MISC
sogo — sogo Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files. 2017-02-03 6.8 CVE-2016-6188
MLIST
BID
CONFIRM
CONFIRM
suse — linux_enterprise_debuginfo Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. 2017-02-03 4.3 CVE-2016-2317
SUSE
SUSE
SUSE
DEBIAN
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
BID
CONFIRM
suse — linux_enterprise_debuginfo GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. 2017-02-03 4.3 CVE-2016-2318
SUSE
SUSE
SUSE
DEBIAN
MLIST
MLIST
MLIST
MLIST
MLIST
BID
CONFIRM
zoneminder — zoneminder Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client’s browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others). 2017-02-06 4.3 CVE-2017-5367
MISC
MISC
BID
zoneminder — zoneminder ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery), which allows a remote attacker to make changes to the web application as the currently logged-in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others). 2017-02-06 6.8 CVE-2017-5368
MISC
MISC
BID
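The two ZoneMinder entries give a URL and concrete parameter shapes, which is enough to hunt for both issues in web server access logs. The block below is an added example and not ZoneMinder's code: it parses combined-format log lines, flags /zm/index.php requests whose decoded parameter names or values carry script markup (the reflected XSS probes), and flags user-creation requests (action=user with newUser[...] parameters) whose Referer is not the CCTV server itself (the CSRF pattern). The host name cctv.example and the log lines are constructed. A POST body never reaches an access log, so the CSRF check assumes the parameters arrive as a query string, as the advisory's sample shows.

```python
"""Hunt for the ZoneMinder XSS probes and CSRF admin-creation pattern in
combined-format access logs.  Added example, not ZoneMinder code.

Assumptions: SITE_HOST is the CCTV server's own host name, and the user-creation
parameters arrive in the query string as the advisory's sample shows (a POST body
is not in an access log and would need a proxy or WAF log instead).
"""
import re
from urllib.parse import parse_qsl, urlsplit

SITE_HOST = "cctv.example"   # constructed

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Markup that has no business in a view=, action= or filter[...] value.
XSS_MARKERS = re.compile(r'[<>"\']|javascript:|\bon\w+\s*=', re.IGNORECASE)


def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    # parse_qsl percent-decodes, so %3Cscript%3E and a literal <script> look alike here.
    rec["params"] = parse_qsl(url.query, keep_blank_values=True)
    return rec


def findings(rec, site_host=SITE_HOST):
    out = []
    # Reflected XSS probes: markup in a decoded parameter name or value.  Names and
    # values are tested separately so that "conf_password=" is not mistaken for "on...=".
    tainted = [f"{k}={v}" for k, v in rec["params"]
               if XSS_MARKERS.search(k) or XSS_MARKERS.search(v)]
    if tainted:
        out.append(("reflected-xss-probe", tainted))
    # CSRF user creation: the advisory's action=user + newUser[...] shape arriving from
    # a page that is not the CCTV console.  An empty Referer is flagged too; privacy
    # settings strip it, so treat that case as a lead rather than proof.
    values = dict(rec["params"])
    if values.get("action") == "user" and any(k.startswith("newUser[") for k in values):
        ref_host = urlsplit(rec["referer"]).hostname or ""
        if ref_host != site_host:
            out.append(("csrf-user-create",
                        [f"referer={rec['referer']}",
                         f"user={values.get('newUser[Username]', '?')}"]))
    return out


def scan(lines, site_host=SITE_HOST):
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != "/zm/index.php":
            continue
        for kind, detail in findings(rec, site_host):
            hits.append((rec["ip"], kind, detail))
    return hits


SAMPLE_LOG = [  # constructed lines, not real traffic
    '10.0.0.5 - - [06/Feb/2017:10:00:01 +0000] "GET /zm/index.php?view=console%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [06/Feb/2017:10:00:02 +0000] "GET /zm/index.php?view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and HTTP/1.1" 200 8814 "http://cctv.example/zm/index.php?view=console" "Mozilla/5.0"',
    '198.51.100.7 - - [06/Feb/2017:10:00:03 +0000] "GET /zm/index.php?action=user&uid=0&newUser%5BUsername%5D=attacker1&newUser%5BPassword%5D=Password1234&conf_password=Password1234&newUser%5BSystem%5D=Edit HTTP/1.1" 302 0 "http://evil.example/lure.html" "Mozilla/5.0"',
    '10.0.0.9 - - [06/Feb/2017:10:00:04 +0000] "GET /zm/index.php?action=user&uid=0&newUser%5BUsername%5D=operator2&newUser%5BPassword%5D=Password1234&conf_password=Password1234&newUser%5BSystem%5D=View HTTP/1.1" 302 0 "http://cctv.example/zm/index.php?view=user&uid=0" "Mozilla/5.0"',
    '10.0.0.9 - - [06/Feb/2017:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, kind, detail in scan(SAMPLE_LOG):
        print(ip, kind, detail)
```

Only the first and third sample lines are reported: the second is a normal console request whose bracketed filter parameters carry no markup, and the fourth is the same user-creation request made legitimately from the console, so its Referer matches the site. Single quotes are included in the marker set, which will occasionally flag a legitimate value; widen or narrow the pattern to taste.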


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
dotcms — dotcms XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter. 2017-02-06 3.5 CVE-2017-5875
BID
MISC
freebsd — freebsd bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file. 2017-02-07 2.1 CVE-2015-5677
CONFIRM
FREEBSD
google — android An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586. 2017-02-08 2.9 CVE-2017-0423
BID
CONFIRM
ibm — connections IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. 2017-02-08 3.5 CVE-2016-0305
CONFIRM
BID
ibm — connections IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker’s domain. 2017-02-08 3.5 CVE-2016-0310
CONFIRM
BID
ibm — security_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in clear text, which can be read by a local user. 2017-02-07 2.1 CVE-2016-6092
CONFIRM
ibm — security_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. 2017-02-07 2.1 CVE-2016-6097
CONFIRM
BID
linux — linux_kernel An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407. 2017-02-08 2.6 CVE-2016-8414
BID
CONFIRM
linux — linux_kernel An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129. 2017-02-08 2.6 CVE-2017-0451
BID
CONFIRM
linux — linux_kernel The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. 2017-02-06 2.1 CVE-2017-5549
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
linux — linux_kernel Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision. 2017-02-06 2.1 CVE-2017-5550
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
linux — linux_kernel The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. 2017-02-06 3.6 CVE-2017-5551
CONFIRM
CONFIRM
MLIST
BID
CONFIRM
CONFIRM


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
atutor — atutor
Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. 2017-02-07 not yet calculated CVE-2016-2539
CONFIRM
MISC
busybox — busybox
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. 2017-02-09 not yet calculated CVE-2016-2148
MLIST
CONFIRM
CONFIRM
busybox — busybox
Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. 2017-02-09 not yet calculated CVE-2016-2147
MLIST
CONFIRM
CONFIRM
cisco — anyconnect_secure_mobility_client_software
A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects releases prior to 4.4.00243 and prior to 4.3.05017. Cisco Bug IDs: CSCvc43976. 2017-02-09 not yet calculated CVE-2017-3813
CONFIRM
cisco — asa_software
A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the remote attacker to cause a reload of the affected system or potentially execute code. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid TCP connection is needed to perform the attack. The attacker needs to have valid credentials to log in to the Clientless SSL VPN portal. Vulnerable Cisco ASA Software running on the following products may be affected by this vulnerability: Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ASA for Firepower 4100 Series. Cisco Bug IDs: CSCvc23838. 2017-02-09 not yet calculated CVE-2017-3807
CONFIRM
citrix — netscaler
Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 does not properly generate GCM nonces, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a “forbidden attack,” a similar issue to CVE-2016-0270. 2017-02-08 not yet calculated CVE-2017-5933
MISC
CONFIRM
dhcpcd — dhcpcd
dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length. 2017-02-07 not yet calculated CVE-2016-1504
CONFIRM
CONFIRM
MLIST
MLIST
dotclear — dotclear
Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. 2017-02-09 not yet calculated CVE-2015-8831
CONFIRM
MISC
FULLDISC
MLIST
MLIST
MISC
CONFIRM
dotclear — dotclear
Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with “manage their own media items” and “manage their own entries and comments” permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension. 2017-02-09 not yet calculated CVE-2015-8832
CONFIRM
MISC
FULLDISC
MLIST
MLIST
MISC
CONFIRM
emc — data_domain_os
EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. 2017-02-03 not yet calculated CVE-2016-8216
CONFIRM
BID
SECTRACK
emc — data_protection_advisor
EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. 2017-02-03 not yet calculated CVE-2016-8211
CONFIRM
BID
SECTRACK
emc — isilon_insightiq
EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system. 2017-02-08 not yet calculated CVE-2017-2765
CONFIRM
BID
emc — recoverpoint
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by a sensitive information disclosure vulnerability caused by incorrect permissions on a sensitive system file. A malicious administrator with configuration privileges may access this file and compromise the affected system. 2017-02-03 not yet calculated CVE-2016-6648
CONFIRM
BID
SECTRACK
emc — recoverpoint
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root. 2017-02-03 not yet calculated CVE-2016-6649
CONFIRM
BID
SECTRACK
emc — rsa_web_threat_detection
EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. 2017-02-03 not yet calculated CVE-2016-0919
CONFIRM
BID
SECTRACK
emoncms — emoncms
An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtering of user-supplied data in multiple HTTP GET parameters passed to the “emoncms-master/Modules/vis/visualisations/compare.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-02-11 not yet calculated CVE-2017-5964
MISC
f5 — big-ip
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well. 2017-02-09 not yet calculated CVE-2016-9244
SECTRACK
CONFIRM
fastspot — bigtree_cms
An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtering of user-supplied data in multiple HTTP POST parameters passed to a “site/index.php/../../extensions/com.fastspot.form-builder/ajax/redraw-field.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-02-10 not yet calculated CVE-2016-10215
MISC
ffmpeg — ffmpeg
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. 2017-02-09 not yet calculated CVE-2016-10192
MLIST
MLIST
BID
CONFIRM
CONFIRM
ffmpeg — libavformat
Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. 2017-02-09 not yet calculated CVE-2016-10191
MLIST
MLIST
BID
CONFIRM
CONFIRM
ffmpeg — libavformat
Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. 2017-02-09 not yet calculated CVE-2016-10190
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
firejail — firejail
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. 2017-02-09 not yet calculated CVE-2017-5180
MISC
BID
MISC
firejail — firejail
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180. 2017-02-09 not yet calculated CVE-2017-5940
MISC
MISC
MISC
MISC
MISC
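Both Firejail entries describe the same failure: a helper running with euid 0 opens a file under the user's control by path and follows a symlink the user planted there. The block below is an added example and not Firejail's code. It shows the defensive pattern a privileged helper should use: walk the path beneath the user's home one component at a time with O_NOFOLLOW, then check file type and ownership on the descriptor that was actually opened rather than on the path. The temporary directory standing in for the home, the file contents, and the uid+1 used to simulate a file owned by someone else are constructed for the demonstration.

```python
"""Open a file under a user's control from a privileged helper without being led
through a symlink.  Added example, not Firejail's code.

Assumptions: `home` is the directory the unprivileged user owns and `uid` is
that user's id; the helper itself may be running with euid 0.
"""
import os
import stat
import tempfile


def open_below(base_fd, rel_path, flags=os.O_RDONLY):
    """Open rel_path beneath an already-open directory fd, one component at a time,
    refusing to follow a symlink at any step (the kernel returns ELOOP) and
    refusing '..' so the path cannot climb out of the base directory."""
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise ValueError("empty path or path escapes the base directory")
    fd = os.dup(base_fd)
    try:
        for i, comp in enumerate(parts):
            last = i == len(parts) - 1
            step_flags = flags if last else os.O_RDONLY | os.O_DIRECTORY
            nfd = os.open(comp, step_flags | os.O_NOFOLLOW | os.O_CLOEXEC, dir_fd=fd)
            os.close(fd)
            fd = nfd
        return fd
    except BaseException:
        os.close(fd)
        raise


def read_owned_file(home, rel_path, uid):
    """Read home/rel_path only if it is a regular file owned by uid.  The checks run
    on the opened descriptor, so swapping the path between check and use gains nothing."""
    base_fd = os.open(home, os.O_RDONLY | os.O_DIRECTORY | os.O_CLOEXEC)
    try:
        fd = open_below(base_fd, rel_path)
    except OSError:          # ELOOP for a symlink, ENOENT, ENOTDIR, EACCES, ...
        return None
    finally:
        os.close(base_fd)
    with os.fdopen(fd, "rb") as f:
        st = os.fstat(f.fileno())
        if not stat.S_ISREG(st.st_mode) or st.st_uid != uid:
            return None
        return f.read()


def demo():
    """Constructed scenario: a planted .Xauthority symlink, a genuine cookie file,
    and an ownership mismatch.  Returns the three results in that order."""
    with tempfile.TemporaryDirectory() as home:
        secret = os.path.join(home, "root-owned-secret")   # stands in for a root-only file
        with open(secret, "wb") as f:
            f.write(b"not for the user\n")
        os.symlink(secret, os.path.join(home, ".Xauthority"))   # the attacker's symlink
        with open(os.path.join(home, "real.Xauthority"), "wb") as f:
            f.write(b"MIT-MAGIC-COOKIE-1")
        me = os.getuid()
        return (
            read_owned_file(home, ".Xauthority", me),          # None: symlink refused
            read_owned_file(home, "real.Xauthority", me),      # the cookie bytes
            read_owned_file(home, "real.Xauthority", me + 1),  # None: not owned by that uid
        )


if __name__ == "__main__":
    print(demo())
```

The ownership test is what closes the second CVE's "other dotfiles" variant as well: whatever name the user chooses, a file that is not a regular file owned by the user is never read. Dropping privileges before the open is the better fix where the helper can afford it; the descriptor checks above are for the cases where it cannot.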
fortinet — fortinet_fortiwlc
The implementation of an ANSI X9.31 RNG in Fortinet FortiWLC allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. 2017-02-08 not yet calculated CVE-2016-8492
BID
CONFIRM
gettext — gettext
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. 2017-02-07 not yet calculated CVE-2016-6175
CONFIRM
CONFIRM
MISC
gnu — gnu_coreutils
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal’s input buffer. 2017-02-07 not yet calculated CVE-2016-2781
MLIST
MLIST
gradle — gradle
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. 2017-02-07 not yet calculated CVE-2016-6199
MISC
MISC
gstreamer — gstreamer
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags. 2017-02-09 not yet calculated CVE-2017-5841
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. 2017-02-09 not yet calculated CVE-2017-5842
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index. 2017-02-09 not yet calculated CVE-2017-5840
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. 2017-02-09 not yet calculated CVE-2017-5839
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file. 2017-02-09 not yet calculated CVE-2017-5837
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer
The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. 2017-02-09 not yet calculated CVE-2017-5838
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file. 2017-02-09 not yet calculated CVE-2017-5844
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer
Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf. 2017-02-09 not yet calculated CVE-2017-5843
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. 2017-02-09 not yet calculated CVE-2017-5847
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. 2017-02-09 not yet calculated CVE-2017-5848
MLIST
MLIST
BID
CONFIRM
gstreamer — gstreamer
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. 2017-02-09 not yet calculated CVE-2016-10199
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer
The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. 2017-02-09 not yet calculated CVE-2017-5846
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that “goes behind” the surrounding tag. 2017-02-09 not yet calculated CVE-2017-5845
MLIST
MLIST
BID
CONFIRM
CONFIRM
gstreamer — gstreamer
 
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. 2017-02-09 not yet calculated CVE-2016-10198
MLIST
MLIST
BID
CONFIRM
CONFIRM
ibm — cloud_orchestrator
 
A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects to which the user belongs. 2017-02-08 not yet calculated CVE-2016-0203
CONFIRM
BID
ibm — cloud_orchestrator
 
A vulnerability has been identified in tasks, the backend objects generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task in the current user's domain. 2017-02-08 not yet calculated CVE-2016-0202
CONFIRM
BID
ibm — cloud_orchestrator
 
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain. 2017-02-08 not yet calculated CVE-2015-7494
CONFIRM
BID
ibm — cloud_orchestrator
 
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. 2017-02-08 not yet calculated CVE-2016-0206
CONFIRM
BID
ibm — dashdb
 
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. 2017-02-08 not yet calculated CVE-2016-8954
CONFIRM
BID
ibm — domino
 
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a “forbidden attack.” NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue. 2017-02-08 not yet calculated CVE-2016-0270
CONFIRM
CONFIRM
CONFIRM
BID
MISC
ibm — infosphere_information_server
 
IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. 2017-02-08 not yet calculated CVE-2015-7493
CONFIRM
BID
ibm — jazz
 
An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user. 2017-02-08 not yet calculated CVE-2016-2866
CONFIRM
ibm — maximo
 
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2017-02-08 not yet calculated CVE-2016-5902
CONFIRM
BID
ibm — rational_doors
 
IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2017-02-08 not yet calculated CVE-2017-1127
CONFIRM
BID
ibm — rational_doors
 
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2017-02-08 not yet calculated CVE-2017-1128
CONFIRM
BID
ibm — rational_doors
 
IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system. 2017-02-08 not yet calculated CVE-2016-9748
CONFIRM
BID
ibm — rational_team_concert
 
IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2017-02-08 not yet calculated CVE-2016-6032
CONFIRM
ibm — security_access_manager
 
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content. 2017-02-07 not yet calculated CVE-2016-3020
CONFIRM
ibm — security_access_manager
 
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. 2017-02-08 not yet calculated CVE-2015-5013
CONFIRM
BID
ibm — security_directory_server
 
IBM Security Directory Server could allow an authenticated user to execute commands in the web administration tool that would cause the tool to crash. 2017-02-08 not yet calculated CVE-2015-1976
CONFIRM
BID
ibm — sterling_b2b_integrator
 
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. Because the HTTP OPTIONS method is allowed, a remote attacker could send a specially-crafted request to a vulnerable server and cause it to disclose sensitive information in the HTTP response. 2017-02-08 not yet calculated CVE-2016-0210
CONFIRM
BID
ibm — system_storage
 
IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network to change a user's password and gain remote access to the system. 2017-02-08 not yet calculated CVE-2016-9005
CONFIRM
BID
ibm — tealeaf_customer_experience
 
IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. 2017-02-08 not yet calculated CVE-2016-5900
CONFIRM
ibm — tivoli
 
IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed. 2017-02-08 not yet calculated CVE-2016-5918
CONFIRM
BID
ibm — tivoli
 
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file. 2017-02-08 not yet calculated CVE-2016-0214
CONFIRM
BID
ibm — tivoli
 
IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim’s path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim. 2017-02-08 not yet calculated CVE-2016-5934
CONFIRM
BID
ibm — tivoli
 
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system. 2017-02-07 not yet calculated CVE-2016-6104
CONFIRM
BID
ibm — websphere
 
IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information. 2017-02-08 not yet calculated CVE-2015-7418
CONFIRM
BID
it_items_database — it_items_database
 
An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to insufficient filtering of user-supplied data in the “value” HTTP POST parameter passed to the “itdb-1.23/js/DataTables-1.8.2/examples/examples_support/editable_ajax.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-02-10 not yet calculated CVE-2016-10216
MISC
jenkins — jenkins
 
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. 2017-02-09 not yet calculated CVE-2016-4987
CONFIRM
jenkins — jenkins
 
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. 2017-02-09 not yet calculated CVE-2016-4988
CONFIRM
jenkins — jenkins
 
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations. 2017-02-09 not yet calculated CVE-2016-3102
CONFIRM
jenkins — jenkins
 
Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter. 2017-02-09 not yet calculated CVE-2016-4986
CONFIRM
jenkins — jenkins
 
Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter. 2017-02-09 not yet calculated CVE-2016-3101
CONFIRM
knot_dns — knot_dns
 
Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR. 2017-02-09 not yet calculated CVE-2016-6171
MLIST
MLIST
BID
MISC
CONFIRM
CONFIRM
MLIST
libtorrent — libtorrent
 
The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response. 2017-02-07 not yet calculated CVE-2016-7164
MLIST
MLIST
BID
CONFIRM
CONFIRM
linux — runuser
 
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal’s input buffer. 2017-02-07 not yet calculated CVE-2016-2779
MLIST
MLIST
MISC
moodle — moodle
 
An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtering of user-supplied data in the “poodll_audio_url” HTTP GET parameter passed to the “filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-02-10 not yet calculated CVE-2017-5945
MISC
netapp — oncommand_system_manager
 
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. 2017-02-07 not yet calculated CVE-2015-8322
CONFIRM
netapp — oncommand_system_manager
 
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. 2017-02-07 not yet calculated CVE-2016-3063
CONFIRM
netapp — oncommand_unified_manager
 
NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contains a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. 2017-02-07 not yet calculated CVE-2016-6667
CONFIRM
netapp — oncommand_workflow
 
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. 2017-02-07 not yet calculated CVE-2016-1894
CONFIRM
netapp — ontap
 
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors. 2017-02-07 not yet calculated CVE-2016-4341
CONFIRM
netapp — ontap
 
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. 2017-02-07 not yet calculated CVE-2016-6495
CONFIRM
netapp — snap_center_server
 
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. 2017-02-07 not yet calculated CVE-2016-1502
CONFIRM
netapp — snapdrive
 
NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. 2017-02-07 not yet calculated CVE-2015-8544
CONFIRM
netapp — virtual_storage_console
 
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. 2017-02-07 not yet calculated CVE-2016-5711
CONFIRM
netcomm_wireless — hspa_router
 
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands. 2017-02-09 not yet calculated CVE-2015-6023
MISC
FULLDISC
FULLDISC
BUGTRAQ
BUGTRAQ
EXPLOIT-DB
netcomm_wireless — hspa_router
 
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter. 2017-02-09 not yet calculated CVE-2015-6024
MISC
FULLDISC
FULLDISC
BUGTRAQ
BUGTRAQ
EXPLOIT-DB
nitro_pro — nitro_pro
 
A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can trigger the flaw, potentially resulting in code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability. 2017-02-10 not yet calculated CVE-2016-8711
MISC
nitro_pro — nitro_pro
 
A remote out-of-bounds write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can trigger the flaw, resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. 2017-02-10 not yet calculated CVE-2016-8713
MISC
nitro_pro — nitro_pro
 
A remote out-of-bounds write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can trigger the flaw, resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. 2017-02-10 not yet calculated CVE-2016-8709
MISC
nlnet_labs — nsd
 
NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. 2017-02-09 not yet calculated CVE-2016-6173
CONFIRM
MLIST
MLIST
BID
MISC
MLIST
MLIST
CONFIRM
serialize-to-js — serialize-to-js
 
An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE). 2017-02-10 not yet calculated CVE-2017-5954
MISC
MISC
ionize — ionize
 
An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtering of user-supplied data in the “path” HTTP GET parameter passed to the “ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-02-11 not yet calculated CVE-2017-5961
MISC
node-serialize — node-serialize
 
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE). 2017-02-09 not yet calculated CVE-2017-5941
MISC
MISC
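The two Node.js entries above (CVE-2017-5954 for serialize-to-js and CVE-2017-5941 for node-serialize) share one root cause: the deserializer rebuilds functions from strings by evaluating their source, so a serialized value whose body is written as function(){...}() is an immediately invoked function expression and runs during unserialize(), before the application ever inspects the object. The following added example is not code from either package; it models that revival step with an assumed marker string and a recording array, and places the hardened variant, which refuses to revive functions at all, beside it. The payload is constructed for the demonstration.

```javascript
// Prefix that tags a serialized function. This marker is an assumption for
// the model below; the example is not node-serialize's or serialize-to-js's code.
const FUNC_MARKER = '_$$ND_FUNC$$_';

// Records side effects so the caller can tell whether untrusted code ran.
const sideEffects = [];

// Vulnerable model of unserialize(): JSON.parse, then "revive" any marked
// string by evaluating its source. A body written as function(){...}() is an
// IIFE, so eval runs it right here, before the application sees the object.
function unsafeUnserialize(text) {
  const obj = JSON.parse(text);
  for (const key of Object.keys(obj)) {
    const value = obj[key];
    if (typeof value === 'string' && value.startsWith(FUNC_MARKER)) {
      obj[key] = eval('(' + value.slice(FUNC_MARKER.length) + ')');
    }
  }
  return obj;
}

// Hardened: plain JSON only. Anything carrying a function marker is rejected
// instead of revived, and no code path reaches eval.
function safeUnserialize(text) {
  const obj = JSON.parse(text);
  for (const [key, value] of Object.entries(obj)) {
    if (typeof value === 'string' && value.startsWith(FUNC_MARKER)) {
      throw new Error(`refusing to revive a function in field "${key}"`);
    }
  }
  return obj;
}

// Constructed attacker payload. A real one would put
// require('child_process').exec(...) in the body; this one only leaves a trace.
const PAYLOAD = JSON.stringify({
  rce: FUNC_MARKER + "function () { sideEffects.push('executed'); return 1; }()",
});

// Feeds the payload to the vulnerable model; reports whether the IIFE ran
// and what the revived field holds (the IIFE's return value, 1).
function demoUnsafe() {
  sideEffects.length = 0;
  const obj = unsafeUnserialize(PAYLOAD);
  return { ran: sideEffects.includes('executed'), value: obj.rce };
}

// Feeds the same payload to the hardened parser; it must reject without running anything.
function demoSafe() {
  sideEffects.length = 0;
  let rejected = false;
  try { safeUnserialize(PAYLOAD); } catch (e) { rejected = true; }
  return { ran: sideEffects.includes('executed'), rejected };
}
```

The point to carry away is that the fix is not a better regular expression around the function body: any deserializer that can turn a string into executable code on the basis of content the sender controls is an RCE primitive, and the only safe shape is one that never evaluates input at all.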
oracle — mysql
 
A crash can occur in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5, and in MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. 2017-02-11 not yet calculated CVE-2017-3302
MISC
pear_project — pear_html_ajax
 
PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. From one viewpoint, the root cause is an incorrect regular expression. 2017-02-06 not yet calculated CVE-2017-5677
MISC
MISC
MISC
BID
MISC
MISC
perl — perl
 
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument. 2017-02-07 not yet calculated CVE-2015-8608
MISC
CONFIRM
phalcon_eye — phalcon_eye
 
An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtering of user-supplied data in multiple HTTP GET parameters passed to the “phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-02-11 not yet calculated CVE-2017-5960
MISC
puppet — puppet_communications_protocol
 
The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2. 2017-02-08 not yet calculated CVE-2016-9686
CONFIRM
a10 — ax1030
 
A10 AX1030 and possibly other devices with software before 2.7.2-P8 use random GCM nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a “forbidden attack,” a similar issue to CVE-2016-0270. 2017-02-08 not yet calculated CVE-2016-10213
MISC
CONFIRM
radware — radware
 
Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a “forbidden attack,” a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product. 2017-02-08 not yet calculated CVE-2016-10212
MISC
CONFIRM
simple_machines — simple_machines_forum
 
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. 2017-02-09 not yet calculated CVE-2016-5726
MLIST
MLIST
simple_machines — simple_machines_forum
 
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. 2017-02-09 not yet calculated CVE-2016-5727
MLIST
MLIST
CONFIRM
CONFIRM
squid — squidguard
 
Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link. 2017-02-09 not yet calculated CVE-2015-8936
MLIST
MLIST
BID
CONFIRM
CONFIRM
symfony — symfony
 
Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. 2017-02-07 not yet calculated CVE-2016-2403
CONFIRM
BID
tor_project — torbrowser-launcher
 
Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature. 2017-02-07 not yet calculated CVE-2016-3180
BID
CONFIRM
typo3 — typo3
 
An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulnerability exists due to insufficient filtering of user-supplied data in the “paymillToken” HTTP POST parameter passed to the “caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-02-11 not yet calculated CVE-2017-5963
MISC
typo3 — typo3
 
An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. The vulnerability exists due to insufficient filtering of user-supplied data in the “force_ua” HTTP GET parameter passed to the “/contexts_wurfl/Library/wurfl-dbapi-1.4.4.0/check_wurfl.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-02-11 not yet calculated CVE-2017-5962
MISC
uninett — simplesamlphp
 
The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. 2017-02-07 not yet calculated CVE-2016-3124
BID
CONFIRM
vim — vim
 
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. 2017-02-10 not yet calculated CVE-2017-5953
CONFIRM
CONFIRM
webui — webui
 
Insufficient verification of uploaded files allows attackers with webui administrator privileges to perform arbitrary code execution by uploading a new webui theme. 2017-02-09 not yet calculated CVE-2016-8494
CONFIRM
wind_river — vxworks
 
Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password. 2017-02-07 not yet calculated CVE-2015-7599
CONFIRM
BID
CONFIRM
MISC
windows — windows_os
 
The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended “Please select booking identification” UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog. 2017-02-09 not yet calculated CVE-2017-5634
MISC
MISC
MISC
wordpress — wordpress
 
An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This allows an attacker to execute JavaScript in the context of the user receiving the mail. 2017-02-10 not yet calculated CVE-2017-5942
MISC
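A large share of this week's entries are reflected cross-site scripting bugs described as insufficient filtering of a single request parameter (ITDB, the PoodLL filter for Moodle, ionize, Phalcon Eye, the caddy and contexts_wurfl TYPO3 extensions, and the WP Mail replyto parameter above). The added example below is not code from any of those projects; its three renderers and the request values are constructed. It puts a blocklist filter, which is what "filtering" usually amounts to, beside contextual output encoding, and checks which one actually leaves no executable markup in the response.

```javascript
// The five characters that must be encoded in HTML text and
// double-quoted attribute contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the parameter is reflected verbatim into an attribute and into text.
function renderUnsafe(params) {
  return `<form><input name="replyto" value="${params.replyto}"></form>` +
         `<p>Reply to: ${params.replyto}</p>`;
}

// "Filtered": a blocklist that strips literal <script> tags. Case variants
// and event-handler attributes go straight through, which is what the
// "insufficient filtering" wording in the entries above describes.
function renderFiltered(params) {
  const filtered = String(params.replyto).replace(/<\/?script>/g, '');
  return `<form><input name="replyto" value="${filtered}"></form>` +
         `<p>Reply to: ${filtered}</p>`;
}

// Hardened: encode for the output context; no tag survives as markup.
function renderSafe(params) {
  const v = escapeHtml(params.replyto);
  return `<form><input name="replyto" value="${v}"></form><p>Reply to: ${v}</p>`;
}

// Constructed payloads: a plain script tag, a case variant that dodges the
// blocklist, and an attribute breakout followed by an event handler.
const PAYLOADS = [
  '<script>alert(1)</script>',
  '<ScRiPt>alert(1)</ScRiPt>',
  '"><img src=x onerror=alert(1)>',
];

// Reports, per payload, whether each renderer leaves executable markup behind.
function checkRenderers() {
  const executable = (html) => /<script|<img[^>]*onerror/i.test(html);
  return PAYLOADS.map((p) => ({
    payload: p,
    unsafe: executable(renderUnsafe({ replyto: p })),
    filtered: executable(renderFiltered({ replyto: p })),
    safe: executable(renderSafe({ replyto: p })),
  }));
}
```

The blocklist stops only the first payload; encoding stops all three. The same rule applies to every entry above regardless of language: encode at the point of output for the context the value lands in, rather than trying to recognise attacks in the input.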
xmpp — xmpp
 
An incorrect implementation of “XEP-0280: Message Carbons” in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application’s display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 – 2.9.5544. 2017-02-09 not yet calculated CVE-2017-5603
MISC
MISC
MISC
MISC
xmpp — xmpp
 
An incorrect implementation of “XEP-0280: Message Carbons” in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application’s display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ (0.16.563.580 – 0.16.571.627). 2017-02-09 not yet calculated CVE-2017-5593
MISC
MISC
MISC
MISC
xmpp — xmpp
 
An incorrect implementation of “XEP-0280: Message Carbons” in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application’s display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 – 0.5.0). 2017-02-09 not yet calculated CVE-2017-5592
MISC
MISC
MISC
MISC
xmpp — xmpp
 
An incorrect implementation of “XEP-0280: Message Carbons” in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application’s display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 – 0.10) and other products. 2017-02-09 not yet calculated CVE-2017-5591
MISC
MISC
MISC
MISC
xmpp — xmpp
 
An incorrect implementation of “XEP-0280: Message Carbons” in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application’s display. This allows for various kinds of social engineering attacks. This CVE is for ChatSecure (3.2.0 – 4.0.0; only iOS) and Zom (all versions up to 1.0.11; only iOS). 2017-02-09 not yet calculated CVE-2017-5590
MISC
MISC
MISC
MISC
MISC
xmpp — xmpp
 
An incorrect implementation of “XEP-0280: Message Carbons” in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application’s display. This allows for various kinds of social engineering attacks. This CVE is for Converse.js (0.8.0 – 1.0.6, 2.0.0 – 2.0.4). 2017-02-09 not yet calculated CVE-2017-5858
MISC
MISC
MISC
MISC
xmpp — xmpp
 
An incorrect implementation of “XEP-0280: Message Carbons” in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application’s display. This allows for various kinds of social engineering attacks. This CVE is for jappix 1.0.0 to 1.1.6. 2017-02-09 not yet calculated CVE-2017-5602
MISC
MISC
MISC
MISC
xmpp — xmpp
 
An incorrect implementation of “XEP-0280: Message Carbons” in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application’s display. This allows for various kinds of social engineering attacks. This CVE is for Xabber (only if manually enabled: 1.0.30, 1.0.30 VIP, beta 1.0.3 – 1.0.74; Android). 2017-02-09 not yet calculated CVE-2017-5606
MISC
MISC
MISC
xmpp — xmpp
 
An incorrect implementation of “XEP-0280: Message Carbons” in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application’s display. This allows for various kinds of social engineering attacks. This CVE is for Movim 0.8 – 0.10. 2017-02-09 not yet calculated CVE-2017-5605
MISC
MISC
MISC
MISC
xmpp — xmpp
 
An incorrect implementation of “XEP-0280: Message Carbons” in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application’s display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 – 1.0.4. 2017-02-09 not yet calculated CVE-2017-5604
MISC
MISC
MISC
MISC
xmpp — xmpp
 
An incorrect implementation of “XEP-0280: Message Carbons” in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application’s display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno (0.8.6 – 0.8.8; Android). 2017-02-09 not yet calculated CVE-2017-5589
MISC
MISC
MISC
MISC
zoneminder — zoneminder
 
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request. 2017-02-06 not yet calculated CVE-2017-5595
MISC
MISC
BID
MISC

This product is provided subject to this Notification and this Privacy & Use policy.
