SB17-051: Vulnerability Summary for the Week of February 13, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- campaign | Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. | 2017-02-15 | 7.5 | CVE-2017-2968 CONFIRM CONFIRM |
adobe -- digital_editions | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 10.0 | CVE-2017-2973 CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 10.0 | CVE-2017-2982 CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 10.0 | CVE-2017-2984 CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 10.0 | CVE-2017-2985 CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 10.0 | CVE-2017-2986 CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 10.0 | CVE-2017-2987 CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 10.0 | CVE-2017-2988 CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 10.0 | CVE-2017-2990 CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 10.0 | CVE-2017-2991 CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 10.0 | CVE-2017-2992 CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 10.0 | CVE-2017-2993 CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 10.0 | CVE-2017-2996 CONFIRM |
advantech -- susiaccess | An issue was discovered in Advantech SUSIAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the encryption to recover the admin account password and use it. | 2017-02-13 | 7.2 | CVE-2016-9353 BID MISC |
advantech -- webaccess | An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files. | 2017-02-13 | 7.5 | CVE-2017-5154 BID MISC |
binom3 -- universal_multifunctional_electric_power_quality_meter_firmware | An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration. | 2017-02-13 | 10.0 | CVE-2017-5162 BID MISC |
binom3 -- universal_multifunctional_electric_power_quality_meter_firmware | An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords. | 2017-02-13 | 7.5 | CVE-2017-5167 BID MISC |
dotcms -- dotcms | An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment. | 2017-02-17 | 7.5 | CVE-2017-5344 MISC MISC MISC |
exponentcms -- exponent_cms | install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. | 2017-02-13 | 7.5 | CVE-2016-7565 MLIST CONFIRM CONFIRM |
freebsd -- freebsd | The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists." | 2017-02-15 | 7.2 | CVE-2016-1880 SECTRACK FREEBSD |
freebsd -- freebsd | The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call. | 2017-02-15 | 7.2 | CVE-2016-1881 SECTRACK FREEBSD |
freebsd -- freebsd | The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors. | 2017-02-15 | 7.2 | CVE-2016-1883 SECTRACK FREEBSD |
freebsd -- freebsd | Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor. | 2017-02-15 | 7.2 | CVE-2016-1889 SECTRACK FREEBSD |
honeywell -- xl_web_ii_controller | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An unauthenticated user can perform a directory traversal attack by accessing a specific URL. | 2017-02-13 | 7.5 | CVE-2017-5143 BID MISC |
ibm -- integration_bus | IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. | 2017-02-15 | 8.5 | CVE-2016-9706 CONFIRM |
ibm -- vios | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. | 2017-02-15 | 7.2 | CVE-2016-6079 CONFIRM BID |
ibm -- vios | IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. | 2017-02-15 | 7.2 | CVE-2016-8972 CONFIRM BID |
lynxspring -- jenesys_bas_bridge | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication. | 2017-02-13 | 7.5 | CVE-2016-8361 BID MISC |
moxa -- dacenter | An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption. | 2017-02-13 | 7.1 | CVE-2016-9354 BID MISC |
moxa -- nport_5100_series_firmware | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating. | 2017-02-13 | 7.5 | CVE-2016-9361 BID MISC |
moxa -- nport_5100_series_firmware | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Buffer overflow vulnerability may allow an unauthenticated attacker to remotely execute arbitrary code. | 2017-02-13 | 7.5 | CVE-2016-9363 BID MISC |
moxa -- nport_5100_series_firmware | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. The amount of resources requested by a malicious actor is not restricted, leading to a denial-of-service caused by resource exhaustion. | 2017-02-13 | 7.8 | CVE-2016-9367 BID MISC |
moxa -- nport_5100_series_firmware | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution. | 2017-02-13 | 10.0 | CVE-2016-9369 BID MISC |
moxa -- softcms | An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values that cause the program to crash or consume excessive resources, resulting in a denial-of-service condition. | 2017-02-13 | 7.8 | CVE-2016-9332 BID MISC |
nagios -- nagios | Nagios 4.2.4 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. | 2017-02-15 | 7.2 | CVE-2016-10089 MLIST BID |
schneider-electric -- powerlogic_pm8ecc_firmware | An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. | 2017-02-13 | 7.5 | CVE-2016-5818 BID MISC |
videoinsight -- web_client | An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. | 2017-02-13 | 7.5 | CVE-2017-5151 BID MISC |
vim -- vim | vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. | 2017-02-10 | 7.5 | CVE-2017-5953 CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. | 2017-02-17 | 7.8 | CVE-2017-6014 CONFIRM |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adcon_telemetry -- a850_telemetry_gateway_base_station_firmware | An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting. | 2017-02-13 | 4.3 | CVE-2016-2274 BID MISC |
adobe -- campaign | Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability. | 2017-02-15 | 4.3 | CVE-2017-2969 CONFIRM |
adobe -- digital_editions | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 5.0 | CVE-2017-2974 CONFIRM |
adobe -- digital_editions | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 5.0 | CVE-2017-2975 CONFIRM |
adobe -- digital_editions | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 5.0 | CVE-2017-2976 CONFIRM |
adobe -- digital_editions | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 5.0 | CVE-2017-2977 CONFIRM |
adobe -- digital_editions | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 5.0 | CVE-2017-2978 CONFIRM |
adobe -- digital_editions | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 5.0 | CVE-2017-2979 CONFIRM |
adobe -- digital_editions | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 5.0 | CVE-2017-2980 CONFIRM |
adobe -- digital_editions | Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 5.0 | CVE-2017-2981 CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 6.8 | CVE-2017-2994 CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution. | 2017-02-15 | 6.8 | CVE-2017-2995 CONFIRM |
advantech -- susiaccess | An issue was discovered in Advantech SUSIAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure. | 2017-02-13 | 5.0 | CVE-2016-9349 BID MISC |
advantech -- susiaccess | An issue was discovered in Advantech SUSIAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file. | 2017-02-13 | 6.0 | CVE-2016-9351 BID MISC |
advantech -- webaccess | An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS). | 2017-02-13 | 6.4 | CVE-2017-5152 BID MISC |
artifex -- mupdf | The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file. | 2017-02-15 | 4.3 | CVE-2016-8674 CONFIRM MLIST BID MISC CONFIRM CONFIRM CONFIRM |
artifex -- mupdf | Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image. | 2017-02-15 | 4.3 | CVE-2017-5896 CONFIRM MLIST MLIST BID CONFIRM |
autotrace_project -- autotrace | Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file. | 2017-02-15 | 4.3 | CVE-2016-7392 MLIST MLIST BID MISC CONFIRM |
binom3 -- universal_multifunctional_electric_power_quality_meter_firmware | An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary script code in another user's browser session (CROSS-SITE SCRIPTING). | 2017-02-13 | 4.3 | CVE-2017-5164 BID MISC |
binom3 -- universal_multifunctional_electric_power_quality_meter_firmware | An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. | 2017-02-13 | 6.8 | CVE-2017-5165 BID MISC |
binom3 -- universal_multifunctional_electric_power_quality_meter_firmware | An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device. | 2017-02-13 | 5.0 | CVE-2017-5166 BID MISC |
bubblewrap_project -- bubblewrap | Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket. | 2017-02-13 | 6.9 | CVE-2016-8659 MLIST MLIST BID CONFIRM |
fatek -- automation_pm_designer | An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or to execute arbitrary code, because of Improper Restriction of Operations within the Bounds of a Memory Buffer. | 2017-02-13 | 6.8 | CVE-2016-5796 BID MISC |
fatek -- automation_pm_designer | An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. By sending additional valid packets, an attacker could trigger a stack-based buffer overflow and cause a crash. Also, a malicious attacker can trigger a remote buffer overflow on the Fatek Communication Server. | 2017-02-13 | 5.0 | CVE-2016-5798 BID MISC |
fedoraproject -- fedora | slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. | 2017-02-15 | 5.0 | CVE-2016-6866 CONFIRM MISC MLIST MLIST BID FEDORA FEDORA |
fedoraproject -- fedora | regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. | 2017-02-16 | 5.0 | CVE-2017-5357 MLIST MLIST MLIST MLIST BID FEDORA MLIST |
freebsd -- freebsd | The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures." | 2017-02-15 | 5.0 | CVE-2016-1888 SECTRACK FREEBSD |
gnu -- glibc | Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. | 2017-02-16 | 5.0 | CVE-2016-5417 MLIST BID CONFIRM CONFIRM MLIST |
google -- chrome | Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | 2017-02-17 | 4.3 | CVE-2017-5006 BID CONFIRM CONFIRM |
google -- chrome | Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | 2017-02-17 | 4.3 | CVE-2017-5007 BID CONFIRM CONFIRM |
google -- chrome | Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | 2017-02-17 | 4.3 | CVE-2017-5008 BID CONFIRM CONFIRM |
google -- chrome | WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2017-02-17 | 6.8 | CVE-2017-5009 BID CONFIRM CONFIRM |
google -- chrome | Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | 2017-02-17 | 4.3 | CVE-2017-5010 BID CONFIRM CONFIRM |
google -- chrome | Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page. | 2017-02-17 | 4.3 | CVE-2017-5011 BID CONFIRM CONFIRM |
google -- chrome | A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2017-02-17 | 6.8 | CVE-2017-5012 BID CONFIRM CONFIRM |
google -- chrome | Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2017-02-17 | 4.3 | CVE-2017-5013 BID CONFIRM CONFIRM |
google -- chrome | Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2017-02-17 | 6.8 | CVE-2017-5014 BID CONFIRM CONFIRM |
google -- chrome | Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 2017-02-17 | 4.3 | CVE-2017-5015 BID CONFIRM CONFIRM |
google -- chrome | Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page. | 2017-02-17 | 4.3 | CVE-2017-5016 BID CONFIRM CONFIRM |
google -- chrome | A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2017-02-17 | 6.8 | CVE-2017-5019 BID CONFIRM CONFIRM |
google -- chrome | Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page. | 2017-02-17 | 4.3 | CVE-2017-5020 BID CONFIRM CONFIRM |
google -- chrome | Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | 2017-02-17 | 4.3 | CVE-2017-5022 BID CONFIRM CONFIRM |
google -- chrome | Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page. | 2017-02-17 | 4.3 | CVE-2017-5023 BID CONFIRM CONFIRM |
google -- chrome | FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | 2017-02-17 | 4.3 | CVE-2017-5025 BID CONFIRM CONFIRM |
google -- chrome | Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page. | 2017-02-17 | 4.3 | CVE-2017-5026 BID CONFIRM CONFIRM |
google -- chrome | Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | 2017-02-17 | 4.3 | CVE-2017-5027 CONFIRM CONFIRM |
gosa_project -- gosa_plugin | Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username. | 2017-02-13 | 4.3 | CVE-2014-9760 MLIST CONFIRM |
graphicsmagick -- graphicsmagick | The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. | 2017-02-15 | 5.0 | CVE-2016-8682 CONFIRM SUSE DEBIAN MLIST BID MISC CONFIRM |
graphicsmagick -- graphicsmagick | The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." | 2017-02-15 | 6.8 | CVE-2016-8683 CONFIRM SUSE DEBIAN MLIST BID MISC CONFIRM |
graphicsmagick -- graphicsmagick | The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." | 2017-02-15 | 6.8 | CVE-2016-8684 CONFIRM SUSE DEBIAN MLIST BID MISC CONFIRM |
honeywell -- xl_web_ii_controller | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. | 2017-02-13 | 5.0 | CVE-2017-5139 BID MISC |
honeywell -- xl_web_ii_controller | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text. | 2017-02-13 | 5.0 | CVE-2017-5140 BID MISC |
honeywell -- xl_web_ii_controller | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION). | 2017-02-13 | 6.5 | CVE-2017-5141 BID MISC |
honeywell -- xl_web_ii_controller | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management. | 2017-02-13 | 6.5 | CVE-2017-5142 BID MISC |
ibm -- aix | IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234. | 2017-02-15 | 4.9 | CVE-2016-8944 CONFIRM BID |
ibm -- cognos_disclosure_management | IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584. | 2017-02-15 | 6.8 | CVE-2016-6077 CONFIRM BID |
ibm -- integration_bus | IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906. | 2017-02-15 | 4.3 | CVE-2016-9010 CONFIRM |
ibm -- rational_requirements_composer | An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547. | 2017-02-15 | 4.0 | CVE-2016-6060 CONFIRM |
kabona_ab -- webdatorcentral | An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities. | 2017-02-13 | 4.3 | CVE-2016-8356 BID MISC |
kabona_ab -- webdatorcentral | An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. This non-validated redirect/non-validated forward (OPEN REDIRECT) allows chaining with authenticated vulnerabilities. | 2017-02-13 | 5.8 | CVE-2016-8376 BID MISC |
libav -- libav | Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing. | 2017-02-15 | 4.3 | CVE-2016-6832 MLIST MLIST MISC CONFIRM CONFIRM |
libav -- libav | Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | 2017-02-15 | 4.3 | CVE-2016-7393 MLIST BID MISC CONFIRM |
libav -- libav | The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file. NOTE: this issue was originally reported as involving a NULL pointer dereference. | 2017-02-15 | 4.3 | CVE-2016-7477 MLIST BID MISC |
libav -- libav | The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file. | 2017-02-15 | 4.3 | CVE-2016-7499 MLIST BID MISC CONFIRM |
libav -- libav | The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection. | 2017-02-15 | 4.3 | CVE-2016-8675 MLIST BID MISC CONFIRM |
libav -- libav | The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file. NOTE: this issue exists due to an incomplete fix for CVE-2016-8675. | 2017-02-15 | 4.3 | CVE-2016-8676 MLIST MLIST BID MISC MISC |
libdwarf_project -- libdwarf | libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file. | 2017-02-13 | 4.3 | CVE-2015-8750 MLIST CONFIRM CONFIRM |
libming -- libming | The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file. | 2017-02-16 | 4.3 | CVE-2016-9827 MLIST MLIST BID MISC |
libming -- libming | The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file. | 2017-02-16 | 4.3 | CVE-2016-9828 MLIST MLIST BID MISC |
libming -- libming | Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. | 2017-02-16 | 6.8 | CVE-2016-9829 MLIST MLIST BID MISC |
libming -- libming | Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. | 2017-02-16 | 6.8 | CVE-2016-9831 MLIST MLIST BID MISC |
linux -- linux_kernel | The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. | 2017-02-14 | 5.0 | CVE-2017-5970 CONFIRM MLIST CONFIRM CONFIRM CONFIRM |
lynxspring -- jenesys_bas_bridge | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application. | 2017-02-13 | 5.5 | CVE-2016-8357 BID MISC |
lynxspring -- jenesys_bas_bridge | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY). | 2017-02-13 | 6.8 | CVE-2016-8369 BID MISC |
lynxspring -- jenesys_bas_bridge | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials. | 2017-02-13 | 5.0 | CVE-2016-8378 BID MISC |
mariadb -- mariadb | Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. | 2017-02-11 | 5.0 | CVE-2017-3302 MISC |
moxa -- dacenter | An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue. | 2017-02-13 | 4.6 | CVE-2016-9356 BID MISC |
moxa -- nport_5100_series_firmware | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Requests are not verified to be intentionally submitted by the proper user (CROSS-SITE REQUEST FORGERY). | 2017-02-13 | 6.8 | CVE-2016-9365 BID MISC |
moxa -- nport_5100_series_firmware | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication. | 2017-02-13 | 5.0 | CVE-2016-9366 BID MISC |
moxa -- nport_5100_series_firmware | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. User-controlled input is not neutralized before being output to web page (CROSS-SITE SCRIPTING). | 2017-02-13 | 4.3 | CVE-2016-9371 BID MISC |
moxa -- softcms | An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code. | 2017-02-13 | 6.8 | CVE-2016-8360 BID MISC |
moxa -- softcms | An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input, which may allow a remote attacker to access SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION). | 2017-02-13 | 6.5 | CVE-2016-9333 BID MISC |
nitro_software -- nitro_pro | A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. | 2017-02-10 | 6.8 | CVE-2016-8709 MISC |
nitro_software -- nitro_pro | A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability. | 2017-02-10 | 6.8 | CVE-2016-8711 MISC |
omnimetrix -- omniview | An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials with the HTTP protocol, which could be sniffed by an attacker and may result in the compromise of account credentials. | 2017-02-13 | 5.0 | CVE-2016-5786 BID MISC |
omnimetrix -- omniview | An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements for the OmniView web application may allow an attacker to gain access by brute forcing account passwords. | 2017-02-13 | 5.0 | CVE-2016-5801 BID MISC |
opensuse_project -- leap | Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. | 2017-02-15 | 5.0 | CVE-2016-8687 SUSE MLIST BID MISC CONFIRM MISC GENTOO |
opensuse_project -- leap | The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. | 2017-02-15 | 4.3 | CVE-2016-8688 SUSE MLIST BID MISC MISC MISC MISC MISC CONFIRM CONFIRM GENTOO |
opensuse_project -- leap | The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive. | 2017-02-15 | 5.0 | CVE-2016-8689 SUSE MLIST BID MISC CONFIRM CONFIRM GENTOO |
otrs -- otrs | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment. | 2017-02-16 | 4.3 | CVE-2016-9139 BID CONFIRM |
python -- openpyxl | Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. | 2017-02-15 | 5.8 | CVE-2017-5992 CONFIRM CONFIRM CONFIRM CONFIRM |
samsung -- samsung_mobile | Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. | 2017-02-13 | 5.0 | CVE-2016-4547 CONFIRM MLIST |
schneider_electric -- homelynk_controller_lss100100_firmware | An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code. | 2017-02-13 | 4.3 | CVE-2017-5157 BID MISC |
visonic -- powerlink2_firmware | An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. User controlled input is not neutralized prior to being placed in web page output (CROSS-SITE SCRIPTING). | 2017-02-13 | 4.3 | CVE-2016-5811 BID MISC |
wordpress -- mail_plugin | An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail. | 2017-02-10 | 4.3 | CVE-2017-5942 MISC |
wso2 -- carbon | Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp. | 2017-02-16 | 4.0 | CVE-2016-4314 MISC MISC BUGTRAQ BID CONFIRM EXPLOIT-DB |
wso2 -- carbon | Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp. | 2017-02-16 | 4.3 | CVE-2016-4316 MISC MISC BUGTRAQ BID EXPLOIT-DB |
wso2 -- enablement_server_for_java | Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 2017-02-16 | 4.3 | CVE-2016-4327 MISC BUGTRAQ BID |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
bigtreecms -- bigtree_cms | An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-02-14 | 3.5 | CVE-2016-10223 CONFIRM CONFIRM |
ibm -- rational_collaborative_lifecycle_management | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515. | 2017-02-15 | 3.5 | CVE-2016-8968 CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997743. | 2017-02-13 | 3.5 | CVE-2017-1121 CONFIRM |
linux -- linux_kernel | The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. | 2017-02-14 | 2.1 | CVE-2017-5967 CONFIRM MISC |
mcafee -- epolicy_orchestrator | Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious JavaScript by bypassing input validation. | 2017-02-13 | 3.5 | CVE-2017-3902 CONFIRM |
moxa -- nport_5100_series_firmware | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. A configuration file contains parameters that represent passwords in plaintext. | 2017-02-13 | 2.1 | CVE-2016-9348 BID MISC |
samsung -- samsung_mobile | Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call. | 2017-02-13 | 2.1 | CVE-2016-4546 CONFIRM MLIST |
wso2 -- carbon | Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp. | 2017-02-16 | 3.5 | CVE-2016-4315 MISC MISC BUGTRAQ BID CONFIRM EXPLOIT-DB |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache_software_foundation -- apache_tomcat | It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu. | 2017-02-17 | not yet calculated | CVE-2017-6056 CONFIRM CONFIRM CONFIRM CONFIRM |
artifex_software -- mupdf | An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. | 2017-02-15 | not yet calculated | CVE-2017-5991 CONFIRM CONFIRM |
bd -- alaris | An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection. | 2017-02-13 | not yet calculated | CVE-2016-8375 BID MISC MISC |
bd -- alaris | An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device's flash memory. Older software versions of the Alaris 8015 PC unit, Version 9.5 and prior versions, store wireless network authentication credentials and other sensitive technical data on the affected device's removable flash memory. Being able to remove the flash memory from the affected device reduces the risk of detection, allowing an attacker to extract stored data at the attacker's convenience. | 2017-02-13 | not yet calculated | CVE-2016-9355 BID MISC |
ca_technologies -- infrastructure_management | An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. | 2017-02-13 | not yet calculated | CVE-2016-5803 BID MISC |
carlo_gavazzi -- vmu-c_em | An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication. | 2017-02-13 | not yet calculated | CVE-2017-5144 BID MISC |
carlo_gavazzi -- vmu-c_em | An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text. | 2017-02-13 | not yet calculated | CVE-2017-5146 BID MISC |
carlo_gavazzi -- vmu-c_em | An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. | 2017-02-13 | not yet calculated | CVE-2017-5145 BID MISC |
cisco -- cisco_ucs | A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to his/her profile. An exploit could allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants. Cisco Bug IDs: CSCvb64765. | 2017-02-15 | not yet calculated | CVE-2017-3801 CONFIRM |
cisco -- jasper | The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command. | 2017-02-15 | not yet calculated | CVE-2016-8692 DEBIAN MLIST MLIST BID MISC CONFIRM CONFIRM FEDORA |
cisco -- jasper | Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. | 2017-02-15 | not yet calculated | CVE-2016-9560 MLIST MLIST BID MISC CONFIRM |
cisco -- jasper | Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. | 2017-02-15 | not yet calculated | CVE-2016-8693 SUSE MLIST MLIST BID MISC CONFIRM CONFIRM FEDORA |
cisco -- jasper | The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command. | 2017-02-15 | not yet calculated | CVE-2016-8691 DEBIAN MLIST MLIST BID MISC CONFIRM CONFIRM FEDORA |
cisco -- jasper | The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command. | 2017-02-15 | not yet calculated | CVE-2016-8690 MLIST MLIST BID MISC CONFIRM CONFIRM FEDORA |
crypto++ -- crypto++ | The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks. | 2017-02-13 | not yet calculated | CVE-2016-3995 MLIST BID CONFIRM |
delta_electronics -- delta-electronics | An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software. | 2017-02-13 | not yet calculated | CVE-2016-5802 BID MISC |
delta_electronics -- delta-electronics | An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. | 2017-02-13 | not yet calculated | CVE-2016-5805 BID MISC |
dovecot -- dovecot | The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows remote attackers to cause a denial of service (crash) by aborting authentication without setting a username. | 2017-02-16 | not yet calculated | CVE-2016-8652 MLIST MLIST MLIST BID |
eaton -- epdu | An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal). | 2017-02-13 | not yet calculated | CVE-2016-9357 BID MISC |
ecommerce_shopsoftware -- ecommerce_shopsoftware | Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php. | 2017-02-15 | not yet calculated | CVE-2016-3694 MISC EXPLOIT-DB |
emerson -- deltav | An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system. | 2017-02-13 | not yet calculated | CVE-2016-9345 BID MISC |
emerson -- emerson | An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily. | 2017-02-13 | not yet calculated | CVE-2016-9347 BID MISC |
emerson -- liebert_sitescan | An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. | 2017-02-13 | not yet calculated | CVE-2016-8348 BID MISC |
eparaksts -- eparaksts | XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file. | 2017-02-17 | not yet calculated | CVE-2017-6055 MISC MISC |
facebook -- hhvm | Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | 2017-02-17 | not yet calculated | CVE-2016-6873 MLIST MLIST CONFIRM |
facebook -- hhvm | Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. | 2017-02-17 | not yet calculated | CVE-2016-6871 MLIST MLIST CONFIRM |
facebook -- hhvm | The array_*_recursive functions in Facebook HHVM before 3.15.0 allow attackers to have unspecified impact via unknown vectors, related to recursion. | 2017-02-17 | not yet calculated | CVE-2016-6874 MLIST MLIST CONFIRM |
facebook -- hhvm | Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | 2017-02-17 | not yet calculated | CVE-2016-6875 MLIST MLIST CONFIRM |
facebook -- hhvm | Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | 2017-02-17 | not yet calculated | CVE-2016-6870 MLIST MLIST CONFIRM |
facebook -- hhvm | Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | 2017-02-17 | not yet calculated | CVE-2016-6872 MLIST MLIST CONFIRM |
fatek -- winproladder | An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution. | 2017-02-13 | not yet calculated | CVE-2016-8377 BID MISC |
fidelix -- fidelix_fx-20 | An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server. | 2017-02-13 | not yet calculated | CVE-2016-9364 BID MISC |
fortinet -- fortimanager | An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows a remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the FortiSandbox devices probing feature. | 2017-02-13 | not yet calculated | CVE-2016-8495 CONFIRM |
froxlor -- froxlor | Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value. | 2017-02-13 | not yet calculated | CVE-2016-5100 CONFIRM |
ge -- proficy_hmi/scada | An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. | 2017-02-13 | not yet calculated | CVE-2016-9360 BID MISC |
genixcms -- genixcms | SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter. | 2017-02-17 | not yet calculated | CVE-2017-6065 MISC |
google -- chrome | FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | 2017-02-17 | not yet calculated | CVE-2017-5024 BID CONFIRM CONFIRM |
google -- chrome | Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. | 2017-02-17 | not yet calculated | CVE-2017-5018 BID CONFIRM CONFIRM |
google -- chrome | Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page. | 2017-02-17 | not yet calculated | CVE-2017-5017 BID CONFIRM CONFIRM |
google -- chrome | A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 2017-02-17 | not yet calculated | CVE-2017-5021 BID CONFIRM CONFIRM |
gosa -- gosa | The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password. | 2017-02-13 | not yet calculated | CVE-2015-8771 MLIST CONFIRM |
graphicsmagick -- graphicsmagick | The AcquireMagickMemory function in MagickCore/memory.c in GraphicsMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. | 2017-02-15 | not yet calculated | CVE-2016-8862 DEBIAN MLIST MLIST BID MISC CONFIRM CONFIRM |
graphicsmagick -- graphicsmagick | The AcquireMagickMemory function in MagickCore/memory.c in GraphicsMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862. | 2017-02-15 | not yet calculated | CVE-2016-8866 SUSE SUSE SUSE MLIST MLIST MISC CONFIRM CONFIRM |
hanwha_techwin -- smart_security_manager | An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. | 2017-02-13 | not yet calculated | CVE-2017-5169 MISC |
hanwha_techwin -- smart_security_manager | An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. | 2017-02-13 | not yet calculated | CVE-2017-5168 MISC |
hirschmann -- geko_lite_managed_switch | An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal. | 2017-02-13 | not yet calculated | CVE-2017-5163 BID MISC |
honeywell -- experion_pks_platform | An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. | 2017-02-13 | not yet calculated | CVE-2016-8344 BID MISC |
ibhsoftec -- softplc | An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available, a Heap-based Buffer Overflow. | 2017-02-13 | not yet calculated | CVE-2016-8364 BID MISC |
ibm -- resilient | IBM Resilient v26.0, v26.1, and v26.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference #: 213457065. | 2017-02-16 | not yet calculated | CVE-2016-6062 BID CONFIRM |
ibm -- security_access_manager | IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868. | 2017-02-16 | not yet calculated | CVE-2016-5919 CONFIRM |
ibm -- tivoli | IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995545. | 2017-02-15 | not yet calculated | CVE-2016-6033 CONFIRM BID |
ibm -- websphere | IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457. | 2017-02-15 | not yet calculated | CVE-2016-0360 CONFIRM BID |
icoutils -- icoutils | An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool. | 2017-02-16 | not yet calculated | CVE-2017-6009 MISC |
icoutils -- icoutils | An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash. | 2017-02-16 | not yet calculated | CVE-2017-6010 MISC |
icoutils -- icoutils | An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool. | 2017-02-16 | not yet calculated | CVE-2017-6011 MISC |
ikiwiki -- ikiwiki | ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made. | 2017-02-13 | not yet calculated | CVE-2016-10026 CONFIRM MLIST MLIST CONFIRM |
imagemagick -- imagemagick | Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556. | 2017-02-16 | not yet calculated | CVE-2016-9773 MLIST MLIST MLIST MISC |
imagemagick -- imagemagick | The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64." | 2017-02-15 | not yet calculated | CVE-2016-8678 MLIST MLIST BID CONFIRM MISC |
imagemagick -- imagemagick | The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. | 2017-02-15 | not yet calculated | CVE-2016-8677 SUSE DEBIAN MLIST BID MISC CONFIRM CONFIRM CONFIRM |
integraxor -- ecava | An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands. | 2017-02-13 | not yet calculated | CVE-2016-8341 BID MISC |
interschalt -- vdr | An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal. | 2017-02-13 | not yet calculated | CVE-2016-9339 BID MISC |
kabona -- webdatorcentral | An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method. | 2017-02-13 | not yet calculated | CVE-2016-8347 BID MISC |
libdwarf -- libdwarf | The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | 2017-02-17 | not yet calculated | CVE-2016-5035 MLIST MLIST CONFIRM |
libdwarf -- libdwarf | The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | 2017-02-17 | not yet calculated | CVE-2016-5033 MLIST MLIST CONFIRM |
libdwarf -- libdwarf | The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | 2017-02-17 | not yet calculated | CVE-2016-5030 MLIST MLIST CONFIRM |
libdwarf -- libdwarf | The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section. | 2017-02-17 | not yet calculated | CVE-2016-5044 MLIST MLIST CONFIRM |
libdwarf -- libdwarf | dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records. | 2017-02-17 | not yet calculated | CVE-2016-5034 MLIST MLIST CONFIRM |
libdwarf -- libdwarf | The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-02-17 | not yet calculated | CVE-2016-5032 MLIST MLIST CONFIRM |
libdwarf -- libdwarf | The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | 2017-02-17 | not yet calculated | CVE-2016-5031 MLIST MLIST CONFIRM |
libdwarf -- libdwarf | The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | 2017-02-17 | not yet calculated | CVE-2016-5037 MLIST MLIST CONFIRM |
libdwarf -- libdwarf | The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data. | 2017-02-17 | not yet calculated | CVE-2016-5036 MLIST MLIST CONFIRM |
libdwarf -- libdwarf | The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input. | 2017-02-17 | not yet calculated | CVE-2016-7510 MISC CONFIRM |
libdwarf -- libdwarf | The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on. | 2017-02-17 | not yet calculated | CVE-2016-5039 MLIST MLIST CONFIRM |
libdwarf -- libdwarf | The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted string offset for .debug_str. | 2017-02-17 | not yet calculated | CVE-2016-5038 MLIST MLIST CONFIRM |
libdwarf -- libdwarf | Integer overflow in dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-02-17 | not yet calculated | CVE-2016-7511 CONFIRM CONFIRM |
libdwarf -- libdwarf | The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file. | 2017-02-17 | not yet calculated | CVE-2016-5029 MLIST MLIST CONFIRM |
libdwarf -- libdwarf | The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section. | 2017-02-17 | not yet calculated | CVE-2016-5043 MLIST MLIST CONFIRM |
libdwarf -- libdwarf | The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. | 2017-02-15 | not yet calculated | CVE-2016-8679 MLIST BID MISC CONFIRM |
libdwarf -- libdwarf | The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections. | 2017-02-17 | not yet calculated | CVE-2016-5028 MLIST MLIST CONFIRM |
libdwarf -- libdwarf | The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. | 2017-02-15 | not yet calculated | CVE-2016-8680 MLIST BID MISC CONFIRM CONFIRM |
libdwarf -- libdwarf | libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header. | 2017-02-17 | not yet calculated | CVE-2016-5040 MLIST MLIST CONFIRM |
libdwarf -- libdwarf | The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. | 2017-02-15 | not yet calculated | CVE-2016-8681 MLIST BID MISC CONFIRM |
libdwarf -- libdwarf | The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section. | 2017-02-17 | not yet calculated | CVE-2016-5042 MLIST MLIST CONFIRM CONFIRM |
libjpeg -- libjpeg | The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. | 2017-02-13 | not yet calculated | CVE-2016-3616 CONFIRM CONFIRM |
libtomcrypt -- libtomcrypt | The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack. | 2017-02-13 | not yet calculated | CVE-2016-6129 CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel | The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. | 2017-02-14 | not yet calculated | CVE-2017-5972 MISC MISC |
linux -- linux_kernel | Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786. | 2017-02-18 | not yet calculated | CVE-2017-6001 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
linux -- linux_kernel | Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. | 2017-02-18 | not yet calculated | CVE-2017-5986 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
linux -- linux_kernel | The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that makes an IPV6_RECVPKTINFO setsockopt system call. | 2017-02-18 | not yet calculated | CVE-2017-6074 CONFIRM |
locus_energy -- l_gate | An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request. | 2017-02-13 | not yet calculated | CVE-2016-5782 BID BID MISC |
mantisbt -- mantisbt | MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | 2017-02-17 | not yet calculated | CVE-2016-7111 MLIST MLIST CONFIRM CONFIRM |
mantisbt -- mantisbt | Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. | 2017-02-17 | not yet calculated | CVE-2016-5364 MLIST CONFIRM CONFIRM CONFIRM |
mcafee -- intel_security_mcafee_agent | Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated. | 2017-02-13 | not yet calculated | CVE-2017-3896 BID CONFIRM |
mitsubishi -- melsec-q | An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. | 2017-02-13 | not yet calculated | CVE-2016-8368 BID MISC |
mitsubishi -- melsec-q | An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. | 2017-02-13 | not yet calculated | CVE-2016-8370 BID MISC |
moxa -- edr_810 | An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION). | 2017-02-13 | not yet calculated | CVE-2016-8346 BID MISC |
moxa -- iologik | An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. A password is transmitted in a format that is not sufficiently secure. | 2017-02-13 | not yet calculated | CVE-2016-8372 BID MISC |
moxa -- iologik | An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application fails to sanitize user input, which may allow an attacker to inject script or execute arbitrary code (CROSS-SITE SCRIPTING). | 2017-02-13 | not yet calculated | CVE-2016-8359 BID MISC |
moxa -- iologik | An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. Users are restricted to using short passwords. | 2017-02-13 | not yet calculated | CVE-2016-8379 BID MISC |
moxa -- iologik | An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application may not sufficiently verify whether a request was provided by a valid user (CROSS-SITE REQUEST FORGERY). | 2017-02-13 | not yet calculated | CVE-2016-8350 BID MISC |
moxa -- moxa | An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. | 2017-02-13 | not yet calculated | CVE-2016-9344 BID MISC |
moxa -- moxa | An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted. | 2017-02-13 | not yet calculated | CVE-2016-9346 BID MISC |
moxa -- oncell | An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. A user is able to execute arbitrary OS commands on the server. | 2017-02-13 | not yet calculated | CVE-2016-8363 BID MISC |
moxa -- oncell | An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL. | 2017-02-13 | not yet calculated | CVE-2016-8362 BID MISC |
nvidia -- nvidia | All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via code execution. | 2017-02-15 | not yet calculated | CVE-2017-0317 CONFIRM |
nvidia -- nvidia | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system. | 2017-02-15 | not yet calculated | CVE-2017-0319 CONFIRM |
nvidia -- nvidia | NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. | 2017-02-15 | not yet calculated | CVE-2017-0311 CONFIRM |
nvidia -- nvidia | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation leading to denial of service or escalation of privileges. | 2017-02-15 | not yet calculated | CVE-2017-0308 CONFIRM |
nvidia -- nvidia | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. | 2017-02-15 | not yet calculated | CVE-2017-0323 CONFIRM |
nvidia -- nvidia | All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. | 2017-02-15 | not yet calculated | CVE-2017-0321 CONFIRM |
nvidia -- nvidia | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system. | 2017-02-15 | not yet calculated | CVE-2017-0320 CONFIRM |
nvidia -- nvidia | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user-provided input used as the limit for a loop may lead to denial of service or potential escalation of privileges. | 2017-02-15 | not yet calculated | CVE-2017-0312 CONFIRM |
nvidia -- nvidia | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. | 2017-02-15 | not yet calculated | CVE-2017-0324 CONFIRM |
nvidia -- nvidia | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, leading to denial of service or potential escalation of privileges. | 2017-02-15 | not yet calculated | CVE-2017-0322 CONFIRM |
nvidia -- nvidia | All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges. | 2017-02-15 | not yet calculated | CVE-2017-0309 CONFIRM |
nvidia -- nvidia | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges. | 2017-02-15 | not yet calculated | CVE-2017-0313 CONFIRM |
nvidia -- nvidia | All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allow an unprivileged user to cause a denial of service. | 2017-02-15 | not yet calculated | CVE-2017-0310 CONFIRM |
nvidia -- nvidia | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an attempt to access an invalid object pointer may lead to denial of service or potential escalation of privileges. | 2017-02-15 | not yet calculated | CVE-2017-0315 CONFIRM |
nvidia -- nvidia | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges. | 2017-02-15 | not yet calculated | CVE-2017-0314 CONFIRM |
nvidia -- nvidia | All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system. | 2017-02-15 | not yet calculated | CVE-2017-0318 CONFIRM |
offis -- dicom_dcmtk | Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242. | 2017-02-15 | not yet calculated | CVE-2015-8979 MISC DEBIAN MLIST BID MISC CONFIRM |
openssh -- sshd | sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. | 2017-02-13 | not yet calculated | CVE-2016-6210 FULLDISC BID CONFIRM |
osisoft -- pi_coresight | An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. | 2017-02-13 | not yet calculated | CVE-2017-5153 BID MISC |
osisoft -- pi_web | An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. | 2017-02-13 | not yet calculated | CVE-2016-8353 BID MISC |
perl -- pcre | The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression. | 2017-02-16 | not yet calculated | CVE-2017-6004 CONFIRM CONFIRM |
perl -- perl | The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression. | 2017-02-16 | not yet calculated | CVE-2016-1249 CONFIRM MLIST BID CONFIRM |
phoenix_contact -- mguard | An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value. | 2017-02-13 | not yet calculated | CVE-2017-5159 BID MISC |
phreesoft -- phreebookserp | An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php" and "PhreeBooksERP-master/extensions/ShippingMethods/yrc/label_mgr/js_include.php" URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. NOTE: these js_include.php files do not exist in the SourceForge "stable release" (aka R37RC1). | 2017-02-15 | not yet calculated | CVE-2017-5990 CONFIRM CONFIRM |
pkexec -- pkexec | pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | 2017-02-13 | not yet calculated | CVE-2016-2568 MLIST CONFIRM |
puppet_enterprise -- mcollective | MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. | 2017-02-13 | not yet calculated | CVE-2016-2788 CONFIRM |
puppet_enterprise -- puppet_communications_protocol | The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors. | 2017-02-13 | not yet calculated | CVE-2016-2787 CONFIRM |
python -- pycrypto | Heap-based buffer overflow in the ALGnew function in block_template.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. | 2017-02-15 | not yet calculated | CVE-2013-7459 MLIST BID CONFIRM CONFIRM CONFIRM FEDORA FEDORA MISC |
python -- python | install.py in click allows remote attackers to gain privileges via a data tarball containing a file with a crafted path. | 2017-02-13 | not yet calculated | CVE-2015-8768 UBUNTU MLIST CONFIRM CONFIRM |
rockwell_automation -- logix5000 | An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending a malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service. | 2017-02-13 | not yet calculated | CVE-2016-9343 BID MISC |
rockwell_automation -- micrologix | An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users, requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller. | 2017-02-13 | not yet calculated | CVE-2016-9338 BID MISC |
rockwell_automation -- micrologix | An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. User credentials are sent to the web server in clear text, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. | 2017-02-13 | not yet calculated | CVE-2016-9334 BID MISC |
sap -- sap | The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972. | 2017-02-15 | not yet calculated | CVE-2017-5997 MISC |
sauter -- novaweb | An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user. | 2017-02-13 | not yet calculated | CVE-2016-10224 MISC |
schneider_electric -- connexium_firewalls | An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code. | 2017-02-13 | not yet calculated | CVE-2016-8352 BID MISC |
schneider_electric -- ionxxxx | An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes. | 2017-02-13 | not yet calculated | CVE-2016-5815 BID MISC |
schneider_electric -- ionxxxx | An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. | 2017-02-13 | not yet calculated | CVE-2016-5809 BID MISC |
schneider_electric -- magelis | An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION. | 2017-02-13 | not yet calculated | CVE-2016-8374 BID MISC |
schneider_electric -- magelis | An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep the connections open, preventing new connections from being made and rendering the web server unavailable during an attack. | 2017-02-13 | not yet calculated | CVE-2016-8367 BID MISC |
schneider_electric -- unity_pro | An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions. | 2017-02-13 | not yet calculated | CVE-2016-8354 BID MISC |
schneider_electric -- wonderware_historian | An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well. | 2017-02-13 | not yet calculated | CVE-2017-5155 BID MISC |
shadow -- shadow | Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. | 2017-02-17 | not yet calculated | CVE-2016-6252 MLIST MLIST MLIST MLIST CONFIRM CONFIRM |
sielco_sistemi -- sielco_sistemi | An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL. | 2017-02-13 | not yet calculated | CVE-2017-5161 BID MISC |
siemens -- eta4 | An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Specially crafted packets sent to Port 2404/TCP could cause the affected device to go into defect mode, a denial-of-service vulnerability. A cold start might be required to recover the system. | 2017-02-13 | not yet calculated | CVE-2016-7987 BID MISC |
siemens -- sicam_pas | An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP. | 2017-02-13 | not yet calculated | CVE-2016-8567 BID MISC |
siemens -- sicam_pas | An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database. | 2017-02-13 | not yet calculated | CVE-2016-8566 BID MISC |
simplesamlphp -- simplesamlphp | The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. | 2017-02-16 | not yet calculated | CVE-2016-9814 BID CONFIRM |
simplesamlphp -- simplesamlphp | The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. | 2017-02-16 | not yet calculated | CVE-2016-9955 BID CONFIRM |
smiths-medical -- cadd-solis_medication_safety_software | An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates. | 2017-02-13 | not yet calculated | CVE-2016-8355 BID MISC |
smiths-medical -- cadd-solis_medication_safety_software | An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints. | 2017-02-13 | not yet calculated | CVE-2016-8358 BID MISC |
sogo -- sogo | Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields. | 2017-02-17 | not yet calculated | CVE-2014-9905 MLIST CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
sogo -- sogo | Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field. | 2017-02-17 | not yet calculated | CVE-2016-6191 MLIST CONFIRM CONFIRM |
sogo -- sogo | SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users. | 2017-02-17 | not yet calculated | CVE-2016-6190 MLIST CONFIRM CONFIRM CONFIRM |
sogo -- sogo | Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. | 2017-02-17 | not yet calculated | CVE-2016-6189 MLIST CONFIRM CONFIRM CONFIRM |
st_jude_medical -- merlin@home | An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints. | 2017-02-13 | not yet calculated | CVE-2017-5149 BID MISC |
tesla -- model_s | An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to command injection: commands may allow an attacker to install malicious software that lets the attacker send messages to the vehicle's CAN bus. | 2017-02-13 | not yet calculated | CVE-2016-9337 BID MISC |
tre_library_musl_libc -- tre_library_musl_libc | Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write. | 2017-02-13 | not yet calculated | CVE-2016-8859 MLIST MLIST BID |
unix -- intersect_alliance_snare_epilog | Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the str_log_name parameter in a "Web Admin Portal > Log Configuration > Add" action. | 2017-02-17 | not yet calculated | CVE-2017-5998 MISC |
visonic -- powerlink2 | An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used in the web server (INFORMATION EXPOSURE). | 2017-02-13 | not yet calculated | CVE-2016-5813 BID MISC |
wago -- wago | An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating. | 2017-02-13 | not yet calculated | CVE-2016-9362 BID MISC |
wso2 -- wso2_identity_server | Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request. | 2017-02-16 | not yet calculated | CVE-2016-4311 MISC MISC BUGTRAQ BID EXPLOIT-DB |
wso2 -- wso2_identity_server | XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. NOTE: this issue can be combined with CVE-2016-4311 to exploit the vulnerability without credentials. | 2017-02-16 | not yet calculated | CVE-2016-4312 MISC MISC BUGTRAQ BID CONFIRM EXPLOIT-DB |
xen -- xen | The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. | 2017-02-16 | not yet calculated | CVE-2016-9637 BID SECTRACK CONFIRM CONFIRM |
zabbix -- zabbix | SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. | 2017-02-16 | not yet calculated | CVE-2016-10134 MLIST MLIST BID CONFIRM CONFIRM |
zend_framework -- zend_framework | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. | 2017-02-16 | not yet calculated | CVE-2016-6233 BID CONFIRM FEDORA FEDORA FEDORA |
zend_framework -- zend_framework | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. | 2017-02-16 | not yet calculated | CVE-2016-4861 JVN JVNDB CONFIRM FEDORA FEDORA FEDORA |
This product is provided subject to this Notification and this Privacy & Use policy.