SB17-044: Vulnerability Summary for the Week of February 6, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
dotnetnuke -- dotnetnuke | The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx. | 2017-02-06 | 7.5 | CVE-2015-2794 CONFIRM CONFIRM CONFIRM EXPLOIT-DB |
exponentcms -- exponent_cms | Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action. | 2017-02-07 | 7.5 | CVE-2016-7400 MLIST MLIST BID CONFIRM CONFIRM |
exponentcms -- exponent_cms | An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by unauthenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src. | 2017-02-06 | 7.5 | CVE-2017-5879 BID MISC |
google -- android | Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. | 2017-02-07 | 7.2 | CVE-2014-9914 CONFIRM CONFIRM CONFIRM BID CONFIRM |
google -- android | The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. | 2017-02-07 | 7.2 | CVE-2016-10044 CONFIRM CONFIRM CONFIRM BID CONFIRM |
google -- android | A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457. | 2017-02-08 | 10.0 | CVE-2016-8418 BID CONFIRM |
google -- android | A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359. | 2017-02-08 | 9.3 | CVE-2017-0405 BID CONFIRM |
google -- android | A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871. | 2017-02-08 | 9.3 | CVE-2017-0406 BID CONFIRM |
google -- android | A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375. | 2017-02-08 | 9.3 | CVE-2017-0407 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31929765. | 2017-02-08 | 9.3 | CVE-2017-0410 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33042690. | 2017-02-08 | 9.3 | CVE-2017-0411 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926. | 2017-02-08 | 9.3 | CVE-2017-0412 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32706020. | 2017-02-08 | 9.3 | CVE-2017-0415 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32886609. | 2017-02-08 | 9.3 | CVE-2017-0416 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705438. | 2017-02-08 | 9.3 | CVE-2017-0417 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32703959. | 2017-02-08 | 9.3 | CVE-2017-0418 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32220769. | 2017-02-08 | 9.3 | CVE-2017-0419 BID CONFIRM |
google -- android | A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322088. | 2017-02-08 | 7.8 | CVE-2017-0422 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33001936. | 2017-02-08 | 7.6 | CVE-2017-0434 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32769717. | 2017-02-08 | 7.6 | CVE-2017-0445 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32917445. | 2017-02-08 | 7.6 | CVE-2017-0446 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32919560. | 2017-02-08 | 7.6 | CVE-2017-0447 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it is mitigated by current platform configurations. Product: Android. Versions: N/A. Android ID: A-32917432. | 2017-02-08 | 9.3 | CVE-2017-0450 BID CONFIRM |
graphicsmagick -- graphicsmagick | Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317. | 2017-02-06 | 7.5 | CVE-2016-7446 SUSE SUSE MLIST BID CONFIRM |
graphicsmagick -- graphicsmagick | Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. | 2017-02-06 | 7.5 | CVE-2016-7447 SUSE SUSE MLIST BID CONFIRM |
graphicsmagick -- graphicsmagick | The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size. | 2017-02-06 | 7.8 | CVE-2016-7448 SUSE SUSE MLIST BID CONFIRM |
libwebp_project -- libwebp | Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors. | 2017-02-03 | 7.5 | CVE-2016-9085 MLIST BID CONFIRM CONFIRM FEDORA FEDORA FEDORA GENTOO |
linux -- linux_kernel | Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device. | 2017-02-06 | 10.0 | CVE-2016-10150 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM |
linux -- linux_kernel | The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code. | 2017-02-06 | 7.2 | CVE-2016-10153 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209. | 2017-02-08 | 7.6 | CVE-2016-8419 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807. | 2017-02-08 | 7.6 | CVE-2016-8420 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797. | 2017-02-08 | 7.6 | CVE-2016-8421 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940. | 2017-02-08 | 7.6 | CVE-2016-8476 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186. | 2017-02-08 | 7.6 | CVE-2016-8480 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000. | 2017-02-08 | 7.6 | CVE-2016-8481 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866. | 2017-02-08 | 9.3 | CVE-2017-0427 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32401526. References: N-CVE-2017-0428. | 2017-02-08 | 9.3 | CVE-2017-0428 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32636619. References: N-CVE-2017-0429. | 2017-02-08 | 9.3 | CVE-2017-0429 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32838767. References: B-RB#107459. | 2017-02-08 | 9.3 | CVE-2017-0430 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-28332719. | 2017-02-08 | 7.6 | CVE-2017-0432 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913571. | 2017-02-08 | 7.6 | CVE-2017-0433 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906657. References: QC-CR#1078000. | 2017-02-08 | 7.6 | CVE-2017-0435 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32624661. References: QC-CR#1078000. | 2017-02-08 | 7.6 | CVE-2017-0436 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402310. References: QC-CR#1092497. | 2017-02-08 | 7.6 | CVE-2017-0437 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402604. References: QC-CR#1092497. | 2017-02-08 | 7.6 | CVE-2017-0438 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32450647. References: QC-CR#1092059. | 2017-02-08 | 7.6 | CVE-2017-0439 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33252788. References: QC-CR#1095770. | 2017-02-08 | 7.6 | CVE-2017-0440 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32872662. References: QC-CR#1095009. | 2017-02-08 | 7.6 | CVE-2017-0441 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32871330. References: QC-CR#1092497. | 2017-02-08 | 7.6 | CVE-2017-0442 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877494. References: QC-CR#1092497. | 2017-02-08 | 7.6 | CVE-2017-0443 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Realtek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32705232. | 2017-02-08 | 7.6 | CVE-2017-0444 BID CONFIRM |
linux -- linux_kernel | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10. Android ID: A-31707909. References: B-RB#32094. | 2017-02-08 | 7.6 | CVE-2017-0449 BID CONFIRM |
linux -- linux_kernel | The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number. | 2017-02-06 | 7.2 | CVE-2017-5546 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM |
linux -- linux_kernel | drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | 2017-02-06 | 7.2 | CVE-2017-5547 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM |
linux -- linux_kernel | drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | 2017-02-06 | 7.2 | CVE-2017-5548 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM |
linux -- linux_kernel | Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call. | 2017-02-06 | 7.2 | CVE-2017-5576 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM MLIST |
msweet -- mini-xml | The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via a crafted XML file. | 2017-02-03 | 7.1 | CVE-2016-4570 MLIST MLIST BID CONFIRM |
msweet -- mini-xml | The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via a crafted XML file. | 2017-02-03 | 7.1 | CVE-2016-4571 MLIST MLIST BID CONFIRM |
saltstack -- salt | Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. | 2017-02-07 | 7.5 | CVE-2016-9639 MLIST MLIST BID CONFIRM |
sendquick -- avera_sms_gateway_firmware | An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands. | 2017-02-05 | 7.5 | CVE-2016-10098 BID MISC |
sendquick -- avera_sms_gateway_firmware | An issue was discovered on SendQuick Entera and Avera devices before 2HF16. The application failed to check the access control of the request, which could result in an attacker being able to shut down the system. | 2017-02-05 | 7.8 | CVE-2017-5136 BID MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cairographics -- cairo | Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. | 2017-02-03 | 4.3 | CVE-2016-9082 MLIST BID CONFIRM CONFIRM CONFIRM |
cisco -- firepower_management_center | A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0.1 6.2.0. | 2017-02-03 | 5.0 | CVE-2017-3809 BID CONFIRM |
cisco -- firepower_management_center | A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0. | 2017-02-03 | 5.0 | CVE-2017-3814 BID CONFIRM |
cisco -- prime_service_catalog | A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. More Information: CSCvb21745. Known Affected Releases: 10.0_R2_tanggula. | 2017-02-03 | 4.9 | CVE-2017-3810 BID CONFIRM |
debian -- debian_linux | The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. | 2017-02-03 | 5.8 | CVE-2016-10165 SUSE DEBIAN MLIST MLIST BID CONFIRM |
debian -- debian_linux | Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. | 2017-02-06 | 4.3 | CVE-2016-9532 CONFIRM DEBIAN MLIST MLIST MLIST BID CONFIRM GENTOO |
dotcms -- dotcms | XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter. | 2017-02-06 | 4.3 | CVE-2017-5876 BID MISC |
dotcms -- dotcms | XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter. | 2017-02-06 | 4.3 | CVE-2017-5877 BID MISC |
fedoraproject -- fedora | Heap-based buffer overflow in the color_cmyk_to_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. | 2017-02-03 | 4.3 | CVE-2016-4796 MLIST CONFIRM CONFIRM CONFIRM FEDORA FEDORA FEDORA FEDORA |
fedoraproject -- fedora | Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947. | 2017-02-03 | 4.3 | CVE-2016-4797 MLIST CONFIRM CONFIRM MISC FEDORA FEDORA FEDORA FEDORA |
fedoraproject -- fedora | The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. | 2017-02-03 | 4.3 | CVE-2016-8568 SUSE SUSE SUSE SUSE MLIST BID CONFIRM CONFIRM CONFIRM FEDORA FEDORA FEDORA |
fedoraproject -- fedora | The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. | 2017-02-03 | 4.3 | CVE-2016-8569 SUSE SUSE SUSE SUSE MLIST BID CONFIRM CONFIRM CONFIRM FEDORA FEDORA FEDORA |
fedoraproject -- fedora | Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. | 2017-02-03 | 5.0 | CVE-2016-9108 MLIST BID CONFIRM FEDORA FEDORA FEDORA |
gnome -- librsvg | The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. | 2017-02-03 | 4.3 | CVE-2016-6163 MLIST MLIST CONFIRM |
gnu -- libiberty | The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. | 2017-02-07 | 5.0 | CVE-2016-6131 MLIST MLIST BID CONFIRM MLIST |
google -- android | A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-32769670. | 2017-02-08 | 6.8 | CVE-2017-0408 BID CONFIRM |
google -- android | A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646. | 2017-02-08 | 6.8 | CVE-2017-0409 BID CONFIRM |
google -- android | An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610. | 2017-02-08 | 4.3 | CVE-2017-0413 BID CONFIRM |
google -- android | An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795. | 2017-02-08 | 4.3 | CVE-2017-0414 BID CONFIRM |
google -- android | An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212. | 2017-02-08 | 4.3 | CVE-2017-0420 BID CONFIRM |
google -- android | An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637. | 2017-02-08 | 4.3 | CVE-2017-0421 BID CONFIRM |
google -- android | An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a specially crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450. | 2017-02-08 | 4.3 | CVE-2017-0424 BID CONFIRM |
google -- android | An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32720785. | 2017-02-08 | 4.3 | CVE-2017-0425 BID CONFIRM |
google -- android | An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32799236. | 2017-02-08 | 4.3 | CVE-2017-0426 BID CONFIRM |
graphicsmagick -- graphicsmagick | The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. | 2017-02-06 | 5.0 | CVE-2016-7449 SUSE SUSE MLIST BID CONFIRM |
graphicsmagick -- graphicsmagick | Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. | 2017-02-06 | 5.0 | CVE-2016-7800 SUSE SUSE DEBIAN MLIST BID CONFIRM CONFIRM |
ibm -- connections | IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. | 2017-02-08 | 4.0 | CVE-2016-0307 CONFIRM BID |
ibm -- connections | IBM Connections 5.5 and earlier is vulnerable to a possible link manipulation attack that could result in the display of inappropriate background images. | 2017-02-08 | 4.0 | CVE-2016-0308 CONFIRM BID |
ibm -- security_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data. | 2017-02-07 | 4.0 | CVE-2016-6094 CONFIRM BID |
ibm -- security_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2017-02-07 | 4.3 | CVE-2016-6096 CONFIRM BID |
libavformat_project -- libavformat | Integer overflow in the demuxer function in libmpdemux/demux_gif.c in MPlayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file. | 2017-02-03 | 4.3 | CVE-2016-4352 MLIST CONFIRM |
libavformat_project -- libavformat | The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. | 2017-02-03 | 4.3 | CVE-2016-5115 MLIST CONFIRM |
libtiff -- libtiff | Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file. | 2017-02-06 | 4.3 | CVE-2016-5102 CONFIRM BID CONFIRM GENTOO |
linux -- linux_kernel | include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group. | 2017-02-06 | 4.9 | CVE-2010-5328 CONFIRM CONFIRM CONFIRM CONFIRM MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel | The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist. | 2017-02-06 | 4.9 | CVE-2016-10154 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM |
linux -- linux_kernel | The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image. | 2017-02-06 | 4.9 | CVE-2016-10208 CONFIRM FULLDISC MLIST BID CONFIRM CONFIRM |
linux -- linux_kernel | An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448. | 2017-02-08 | 4.3 | CVE-2017-0448 BID CONFIRM |
linux -- linux_kernel | The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. | 2017-02-06 | 4.6 | CVE-2017-2583 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM |
linux -- linux_kernel | The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references. | 2017-02-06 | 4.9 | CVE-2017-2596 MLIST BID CONFIRM |
linux -- linux_kernel | The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call. | 2017-02-06 | 4.9 | CVE-2017-5577 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM MLIST |
netapp -- snap_creator_framework | Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | 2017-02-07 | 6.8 | CVE-2016-5372 CONFIRM |
openafs -- openafs | OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses. | 2017-02-06 | 5.0 | CVE-2016-9772 MLIST BID CONFIRM |
openjpeg -- openjpeg | The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file. | 2017-02-03 | 4.3 | CVE-2016-3183 MLIST CONFIRM CONFIRM CONFIRM FEDORA FEDORA FEDORA FEDORA GENTOO |
opensuse_project -- opensuse | magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. | 2017-02-03 | 4.3 | CVE-2016-5241 SUSE SUSE CONFIRM MLIST MLIST BID CONFIRM |
plone -- plone | Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140. | 2017-02-04 | 4.3 | CVE-2016-7147 BID MISC MISC MISC |
sanadata -- sanacms | Cross-site scripting (XSS) vulnerability in index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 2017-02-04 | 4.3 | CVE-2017-5882 BID MISC |
sendquick -- avera_sms_gateway_firmware | An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective. | 2017-02-05 | 5.0 | CVE-2017-5137 BID MISC |
sogo -- sogo | Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files. | 2017-02-03 | 6.8 | CVE-2016-6188 MLIST BID CONFIRM CONFIRM |
suse -- linux_enterprise_debuginfo | Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. | 2017-02-03 | 4.3 | CVE-2016-2317 SUSE SUSE SUSE DEBIAN MLIST MLIST MLIST MLIST MLIST MLIST BID CONFIRM |
suse -- linux_enterprise_debuginfo | GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. | 2017-02-03 | 4.3 | CVE-2016-2318 SUSE SUSE SUSE DEBIAN MLIST MLIST MLIST MLIST MLIST BID CONFIRM |
zoneminder -- zoneminder | Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others). | 2017-02-06 | 4.3 | CVE-2017-5367 MISC MISC BID |
zoneminder -- zoneminder | ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attacker to make changes to the web application as the currently logged-in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others). | 2017-02-06 | 6.8 | CVE-2017-5368 MISC MISC BID |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
dotcms -- dotcms | XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter. | 2017-02-06 | 3.5 | CVE-2017-5875 BID MISC |
freebsd -- freebsd | bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file. | 2017-02-07 | 2.1 | CVE-2015-5677 CONFIRM FREEBSD |
google -- android | An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586. | 2017-02-08 | 2.9 | CVE-2017-0423 BID CONFIRM |
ibm -- connections | IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | 2017-02-08 | 3.5 | CVE-2016-0305 CONFIRM BID |
ibm -- connections | IBM Connections 5.5 and earlier is vulnerable to a possible host header injection attack that could cause navigation to the attacker's domain. | 2017-02-08 | 3.5 | CVE-2016-0310 CONFIRM BID |
ibm -- security_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in clear text, which can be read by a local user. | 2017-02-07 | 2.1 | CVE-2016-6092 CONFIRM |
ibm -- security_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. | 2017-02-07 | 2.1 | CVE-2016-6097 CONFIRM BID |
linux -- linux_kernel | An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407. | 2017-02-08 | 2.6 | CVE-2016-8414 BID CONFIRM |
linux -- linux_kernel | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129. | 2017-02-08 | 2.6 | CVE-2017-0451 BID CONFIRM |
linux -- linux_kernel | The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. | 2017-02-06 | 2.1 | CVE-2017-5549 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM |
linux -- linux_kernel | Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision. | 2017-02-06 | 2.1 | CVE-2017-5550 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM |
linux -- linux_kernel | The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. | 2017-02-06 | 3.6 | CVE-2017-5551 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
atutor -- atutor | Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. | 2017-02-07 | not yet calculated | CVE-2016-2539 CONFIRM MISC |
busybox -- busybox | Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. | 2017-02-09 | not yet calculated | CVE-2016-2148 MLIST CONFIRM CONFIRM |
busybox -- busybox | Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. | 2017-02-09 | not yet calculated | CVE-2016-2147 MLIST CONFIRM CONFIRM |
cisco -- anyconnect_secure_mobility_client_software | A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976. | 2017-02-09 | not yet calculated | CVE-2017-3813 CONFIRM |
cisco -- asa_software | A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the remote attacker to cause a reload of the affected system or potentially execute code. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid TCP connection is needed to perform the attack. The attacker needs to have valid credentials to log in to the Clientless SSL VPN portal. Vulnerable Cisco ASA Software running on the following products may be affected by this vulnerability: Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ASA for Firepower 4100 Series. Cisco Bug IDs: CSCvc23838. | 2017-02-09 | not yet calculated | CVE-2017-3807 CONFIRM |
citrix -- netscaler | Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 does not properly generate GCM nonces, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. | 2017-02-08 | not yet calculated | CVE-2017-5933 MISC CONFIRM |
dhcpcd -- dhcpcd | dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length. | 2017-02-07 | not yet calculated | CVE-2016-1504 CONFIRM CONFIRM MLIST MLIST |
dotclear -- dotclear | Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. | 2017-02-09 | not yet calculated | CVE-2015-8831 CONFIRM MISC FULLDISC MLIST MLIST MISC CONFIRM |
dotclear -- dotclear | Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension. | 2017-02-09 | not yet calculated | CVE-2015-8832 CONFIRM MISC FULLDISC MLIST MLIST MISC CONFIRM |
emc -- data_domain_os | EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 2017-02-03 | not yet calculated | CVE-2016-8216 CONFIRM BID SECTRACK |
emc -- data_protection_advisor | EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. | 2017-02-03 | not yet calculated | CVE-2016-8211 CONFIRM BID SECTRACK |
emc -- isilon_insightiq | EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system. | 2017-02-08 | not yet calculated | CVE-2017-2765 CONFIRM BID |
emc -- recoverpoint | EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by a sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system. | 2017-02-03 | not yet calculated | CVE-2016-6648 CONFIRM BID SECTRACK |
emc -- recoverpoint | EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root. | 2017-02-03 | not yet calculated | CVE-2016-6649 CONFIRM BID SECTRACK |
emc -- rsa_web_threat_detection | EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 2017-02-03 | not yet calculated | CVE-2016-0919 CONFIRM BID SECTRACK |
emoncms -- emoncms | An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-02-11 | not yet calculated | CVE-2017-5964 MISC |
f5 -- big-ip | A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well. | 2017-02-09 | not yet calculated | CVE-2016-9244 SECTRACK CONFIRM |
fastspot -- bigtree_cms | An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a "site/http://ift.tt/2kPdBdv; URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-02-10 | not yet calculated | CVE-2016-10215 MISC |
ffmpeg -- ffmpeg | Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. | 2017-02-09 | not yet calculated | CVE-2016-10192 MLIST MLIST BID CONFIRM CONFIRM |
ffmpeg -- libavformat | Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. | 2017-02-09 | not yet calculated | CVE-2016-10191 MLIST MLIST BID CONFIRM CONFIRM |
ffmpeg -- libavformat | Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. | 2017-02-09 | not yet calculated | CVE-2016-10190 MLIST MLIST BID CONFIRM CONFIRM CONFIRM |
firejail -- firejail | Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. | 2017-02-09 | not yet calculated | CVE-2017-5180 MISC BID MISC |
firejail -- firejail | Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180. | 2017-02-09 | not yet calculated | CVE-2017-5940 MISC MISC MISC MISC MISC |
fortinet -- fortinet_fortiwlc | The implementation of an ANSI X9.31 RNG in Fortinet FortiWLC allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. | 2017-02-08 | not yet calculated | CVE-2016-8492 BID CONFIRM |
gettext -- gettext | Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. | 2017-02-07 | not yet calculated | CVE-2016-6175 CONFIRM CONFIRM MISC |
gnu -- gnu_coreutils | chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | 2017-02-07 | not yet calculated | CVE-2016-2781 MLIST MLIST |
gradle -- gradle | ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. | 2017-02-07 | not yet calculated | CVE-2016-6199 MISC MISC |
gstreamer -- gstreamer | The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags. | 2017-02-09 | not yet calculated | CVE-2017-5841 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. | 2017-02-09 | not yet calculated | CVE-2017-5842 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index. | 2017-02-09 | not yet calculated | CVE-2017-5840 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. | 2017-02-09 | not yet calculated | CVE-2017-5839 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file. | 2017-02-09 | not yet calculated | CVE-2017-5837 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. | 2017-02-09 | not yet calculated | CVE-2017-5838 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file. | 2017-02-09 | not yet calculated | CVE-2017-5844 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf. | 2017-02-09 | not yet calculated | CVE-2017-5843 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. | 2017-02-09 | not yet calculated | CVE-2017-5847 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. | 2017-02-09 | not yet calculated | CVE-2017-5848 MLIST MLIST BID CONFIRM |
gstreamer -- gstreamer | The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. | 2017-02-09 | not yet calculated | CVE-2016-10199 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. | 2017-02-09 | not yet calculated | CVE-2017-5846 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag. | 2017-02-09 | not yet calculated | CVE-2017-5845 MLIST MLIST BID CONFIRM CONFIRM |
gstreamer -- gstreamer | The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. | 2017-02-09 | not yet calculated | CVE-2016-10198 MLIST MLIST BID CONFIRM CONFIRM |
ibm -- cloud_orchestrator | A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects to which the user belongs. | 2017-02-08 | not yet calculated | CVE-2016-0203 CONFIRM BID |
ibm -- cloud_orchestrator | A vulnerability has been identified in tasks, the backend objects generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current user's domain. | 2017-02-08 | not yet calculated | CVE-2016-0202 CONFIRM BID |
ibm -- cloud_orchestrator | A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain. | 2017-02-08 | not yet calculated | CVE-2015-7494 CONFIRM BID |
ibm -- cloud_orchestrator | IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. | 2017-02-08 | not yet calculated | CVE-2016-0206 CONFIRM BID |
ibm -- dashdb | IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. | 2017-02-08 | not yet calculated | CVE-2016-8954 CONFIRM BID |
ibm -- domino | IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue. | 2017-02-08 | not yet calculated | CVE-2016-0270 CONFIRM CONFIRM CONFIRM BID MISC |
ibm -- infosphere_information_server | IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. | 2017-02-08 | not yet calculated | CVE-2015-7493 CONFIRM BID |
ibm -- jazz | An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user. | 2017-02-08 | not yet calculated | CVE-2016-2866 CONFIRM |
ibm -- maximo | IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2017-02-08 | not yet calculated | CVE-2016-5902 CONFIRM BID |
ibm -- rational_doors | IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2017-02-08 | not yet calculated | CVE-2017-1127 CONFIRM BID |
ibm -- rational_doors | IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2017-02-08 | not yet calculated | CVE-2017-1128 CONFIRM BID |
ibm -- rational_doors | IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system. | 2017-02-08 | not yet calculated | CVE-2016-9748 CONFIRM BID |
ibm -- rational_team_concert | IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2017-02-08 | not yet calculated | CVE-2016-6032 CONFIRM |
ibm -- security_access_manager | IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content. | 2017-02-07 | not yet calculated | CVE-2016-3020 CONFIRM |
ibm -- security_access_manager | The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. | 2017-02-08 | not yet calculated | CVE-2015-5013 CONFIRM BID |
ibm -- security_directory_server | IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. | 2017-02-08 | not yet calculated | CVE-2015-1976 CONFIRM BID |
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. Because the HTTP OPTIONS method is allowed, a remote attacker could send a specially-crafted query to a vulnerable server to cause the server to disclose sensitive information in the HTTP response. | 2017-02-08 | not yet calculated | CVE-2016-0210 CONFIRM BID |
ibm -- system_storage | IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network to change a user's password and gain remote access to the system. | 2017-02-08 | not yet calculated | CVE-2016-9005 CONFIRM BID |
ibm -- tealeaf_customer_experience | IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | 2017-02-08 | not yet calculated | CVE-2016-5900 CONFIRM |
ibm -- tivoli | IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed. | 2017-02-08 | not yet calculated | CVE-2016-5918 CONFIRM BID |
ibm -- tivoli | IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file. | 2017-02-08 | not yet calculated | CVE-2016-0214 CONFIRM BID |
ibm -- tivoli | IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim. | 2017-02-08 | not yet calculated | CVE-2016-5934 CONFIRM BID |
ibm -- tivoli | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system. | 2017-02-07 | not yet calculated | CVE-2016-6104 CONFIRM BID |
ibm -- websphere | IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information. | 2017-02-08 | not yet calculated | CVE-2015-7418 CONFIRM BID |
it_items_database -- it_items_database | An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examples_support/editable_ajax.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-02-10 | not yet calculated | CVE-2016-10216 MISC |
jenkins -- jenkins | Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. | 2017-02-09 | not yet calculated | CVE-2016-4987 CONFIRM |
jenkins -- jenkins | Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | 2017-02-09 | not yet calculated | CVE-2016-4988 CONFIRM |
jenkins -- jenkins | The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations. | 2017-02-09 | not yet calculated | CVE-2016-3102 CONFIRM |
jenkins -- jenkins | Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter. | 2017-02-09 | not yet calculated | CVE-2016-4986 CONFIRM |
jenkins -- jenkins | Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter. | 2017-02-09 | not yet calculated | CVE-2016-3101 CONFIRM |
knot_dns -- knot_dns | Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR. | 2017-02-09 | not yet calculated | CVE-2016-6171 MLIST MLIST BID MISC CONFIRM CONFIRM MLIST |
libtorrent -- libtorrent | The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response. | 2017-02-07 | not yet calculated | CVE-2016-7164 MLIST MLIST BID CONFIRM CONFIRM |
linux -- runuser | runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | 2017-02-07 | not yet calculated | CVE-2016-2779 MLIST MLIST MISC |
moodle -- moodle | An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodll_audio_url" HTTP GET parameter passed to the "filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-02-10 | not yet calculated | CVE-2017-5945 MISC |
netapp -- oncommand_system_manager | NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. | 2017-02-07 | not yet calculated | CVE-2015-8322 CONFIRM |
netapp -- oncommand_system_manager | Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. | 2017-02-07 | not yet calculated | CVE-2016-3063 CONFIRM |
netapp -- oncommand_unified_manager | NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contains a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. | 2017-02-07 | not yet calculated | CVE-2016-6667 CONFIRM |
netapp -- oncommand_workflow | NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. | 2017-02-07 | not yet calculated | CVE-2016-1894 CONFIRM |
netapp -- ontap | NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors. | 2017-02-07 | not yet calculated | CVE-2016-4341 CONFIRM |
netapp -- ontap | NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. | 2017-02-07 | not yet calculated | CVE-2016-6495 CONFIRM |
netapp -- snap_center_server | NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. | 2017-02-07 | not yet calculated | CVE-2016-1502 CONFIRM |
netapp -- snapdrive | NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. | 2017-02-07 | not yet calculated | CVE-2015-8544 CONFIRM |
netapp -- virtual_storage_console | NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. | 2017-02-07 | not yet calculated | CVE-2016-5711 CONFIRM |
netcomm_wireless -- hspa_router | ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands. | 2017-02-09 | not yet calculated | CVE-2015-6023 MISC FULLDISC FULLDISC BUGTRAQ BUGTRAQ EXPLOIT-DB |
netcomm_wireless -- hspa_router | ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter. | 2017-02-09 | not yet calculated | CVE-2015-6024 MISC FULLDISC FULLDISC BUGTRAQ BUGTRAQ EXPLOIT-DB |
nitro_pro -- nitro_pro | A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability. | 2017-02-10 | not yet calculated | CVE-2016-8711 MISC |
nitro_pro -- nitro_pro | A remote out-of-bounds write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. | 2017-02-10 | not yet calculated | CVE-2016-8713 MISC |
nitro_pro -- nitro_pro | A remote out-of-bounds write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. | 2017-02-10 | not yet calculated | CVE-2016-8709 MISC |
nlnet_labs -- nsd | NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. | 2017-02-09 | not yet calculated | CVE-2016-6173 CONFIRM MLIST MLIST BID MISC MLIST MLIST CONFIRM |
oracle -- java | An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE). | 2017-02-10 | not yet calculated | CVE-2017-5954 MISC MISC |
oracle -- java | An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-02-11 | not yet calculated | CVE-2017-5961 MISC |
oracle -- java | An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE). | 2017-02-09 | not yet calculated | CVE-2017-5941 MISC MISC |
oracle -- mysql | Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. | 2017-02-11 | not yet calculated | CVE-2017-3302 MISC |
pear_project -- pear_html_ajax | PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression. | 2017-02-06 | not yet calculated | CVE-2017-5677 MISC MISC MISC BID MISC MISC |
perl -- perl | The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument. | 2017-02-07 | not yet calculated | CVE-2015-8608 MISC CONFIRM |
phalcon_eye -- phalcon_eye | An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-02-11 | not yet calculated | CVE-2017-5960 MISC |
puppet -- puppet_communications_protocol | The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2. | 2017-02-08 | not yet calculated | CVE-2016-9686 CONFIRM |
radware -- radware | A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. | 2017-02-08 | not yet calculated | CVE-2016-10213 MISC CONFIRM |
radware -- radware | Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product. | 2017-02-08 | not yet calculated | CVE-2016-10212 MISC CONFIRM |
simple_machines -- simple_machines_forum | Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. | 2017-02-09 | not yet calculated | CVE-2016-5726 MLIST MLIST |
simple_machines -- simple_machines_forum | LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. | 2017-02-09 | not yet calculated | CVE-2016-5727 MLIST MLIST CONFIRM CONFIRM |
squid -- squidguard | Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link. | 2017-02-09 | not yet calculated | CVE-2015-8936 MLIST MLIST BID CONFIRM CONFIRM |
symfony -- symfony | Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. | 2017-02-07 | not yet calculated | CVE-2016-2403 CONFIRM BID |
tor_project -- torbrowser-launcher | Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature. | 2017-02-07 | not yet calculated | CVE-2016-3180 BID CONFIRM |
typo3 -- typo3 | An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-02-11 | not yet calculated | CVE-2017-5963 MISC |
typo3 -- typo3 | An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the "force_ua" HTTP GET parameter passed to the "/contexts_wurfl/Library/wurfl-dbapi-1.4.4.0/check_wurfl.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-02-11 | not yet calculated | CVE-2017-5962 MISC |
uninett -- simplesamlphp | The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. | 2017-02-07 | not yet calculated | CVE-2016-3124 BID CONFIRM |
vim -- vim | vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. | 2017-02-10 | not yet calculated | CVE-2017-5953 CONFIRM CONFIRM |
webui -- webui | Insufficient verification of uploaded files allows attackers with webui administrator privileges to perform arbitrary code execution by uploading a new webui theme. | 2017-02-09 | not yet calculated | CVE-2016-8494 CONFIRM |
wind_river -- vxworks | Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password. | 2017-02-07 | not yet calculated | CVE-2015-7599 CONFIRM BID CONFIRM MISC |
windows -- windows_os | The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog. | 2017-02-09 | not yet calculated | CVE-2017-5634 MISC MISC MISC |
wordpress -- wordpress | An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail. | 2017-02-10 | not yet calculated | CVE-2017-5942 MISC |
xmpp -- xmpp | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544. | 2017-02-09 | not yet calculated | CVE-2017-5603 MISC MISC MISC MISC |
xmpp -- xmpp | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ (0.16.563.580 - 0.16.571.627). | 2017-02-09 | not yet calculated | CVE-2017-5593 MISC MISC MISC MISC |
xmpp -- xmpp | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0). | 2017-02-09 | not yet calculated | CVE-2017-5592 MISC MISC MISC MISC |
xmpp -- xmpp | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products. | 2017-02-09 | not yet calculated | CVE-2017-5591 MISC MISC MISC MISC |
xmpp -- xmpp | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for ChatSecure (3.2.0 - 4.0.0; only iOS) and Zom (all versions up to 1.0.11; only iOS). | 2017-02-09 | not yet calculated | CVE-2017-5590 MISC MISC MISC MISC MISC |
xmpp -- xmpp | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Converse.js (0.8.0 - 1.0.6, 2.0.0 - 2.0.4). | 2017-02-09 | not yet calculated | CVE-2017-5858 MISC MISC MISC MISC |
xmpp -- xmpp | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for jappix 1.0.0 to 1.1.6. | 2017-02-09 | not yet calculated | CVE-2017-5602 MISC MISC MISC MISC |
xmpp -- xmpp | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Xabber (only if manually enabled: 1.0.30, 1.0.30 VIP, beta 1.0.3 - 1.0.74; Android). | 2017-02-09 | not yet calculated | CVE-2017-5606 MISC MISC MISC |
xmpp -- xmpp | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Movim 0.8 - 0.10. | 2017-02-09 | not yet calculated | CVE-2017-5605 MISC MISC MISC MISC |
xmpp -- xmpp | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4. | 2017-02-09 | not yet calculated | CVE-2017-5604 MISC MISC MISC MISC |
xmpp -- xmpp | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno (0.8.6 - 0.8.8; Android). | 2017-02-09 | not yet calculated | CVE-2017-5589 MISC MISC MISC MISC |
zoneminder -- zoneminder | A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request. | 2017-02-06 | not yet calculated | CVE-2017-5595 MISC MISC BID MISC |