Vulnerability Summary for the Week of December 19, 2016
Released
Dec 26, 2016
Document ID
SB16-361
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| blackberry -- good_enterprise_mobility_server | A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell. | 2016-12-16 | 8.5 | CVE-2016-3129 CONFIRM BID |
| bundler -- bundler | Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334. | 2016-12-22 | 7.5 | CVE-2016-7954 MISC MLIST MLIST MLIST BID CONFIRM CONFIRM CONFIRM |
| canonical -- ubuntu_linux | An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code. | 2016-12-16 | 9.3 | CVE-2016-9949 BID MISC MISC MISC |
| canonical -- ubuntu_linux | An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system. | 2016-12-16 | 9.3 | CVE-2016-9950 BID MISC MISC MISC |
| dotcms -- dotcms | SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. | 2016-12-19 | 7.5 | CVE-2016-2355 CONFIRM BID CONFIRM |
| microsoft -- edge | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability." | 2016-12-20 | 7.6 | CVE-2016-7181 MS BID SECTRACK |
| microsoft -- windows_server_2008 | The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | 2016-12-20 | 7.2 | CVE-2016-7259 MISC MS BUGTRAQ BID |
| microsoft -- windows_server_2008 | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | 2016-12-20 | 7.2 | CVE-2016-7260 MS BID |
| microsoft -- excel_for_mac | Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | 2016-12-20 | 9.3 | CVE-2016-7263 MS BID SECTRACK |
| microsoft -- windows_server_2008 | The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability." | 2016-12-20 | 9.3 | CVE-2016-7272 MS BID SECTRACK MISC |
| microsoft -- windows_10 | The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability." | 2016-12-20 | 9.3 | CVE-2016-7273 MS BID SECTRACK |
| microsoft -- windows_server_2008 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." | 2016-12-20 | 9.3 | CVE-2016-7274 MS BID |
| microsoft -- office | Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability." | 2016-12-20 | 7.2 | CVE-2016-7275 MS BID SECTRACK |
| microsoft -- office | Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | 2016-12-20 | 9.3 | CVE-2016-7277 MS BID SECTRACK |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." | 2016-12-20 | 7.6 | CVE-2016-7279 MS MS BID SECTRACK |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 2016-12-20 | 9.3 | CVE-2016-7283 MS BID SECTRACK |
| microsoft -- edge | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7288, CVE-2016-7296, and CVE-2016-7297. | 2016-12-20 | 7.6 | CVE-2016-7286 MS BID SECTRACK |
| microsoft -- edge | The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." | 2016-12-20 | 7.6 | CVE-2016-7287 MS MS BID SECTRACK |
| microsoft -- edge | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297. | 2016-12-20 | 7.6 | CVE-2016-7288 MS BID SECTRACK |
| microsoft -- publisher | Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | 2016-12-20 | 9.3 | CVE-2016-7289 MS BID SECTRACK |
| microsoft -- windows_server_2016 | The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Installer Elevation of Privilege Vulnerability." | 2016-12-20 | 7.2 | CVE-2016-7292 MS BID SECTRACK |
| microsoft -- edge | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7297. | 2016-12-20 | 7.6 | CVE-2016-7296 MS BID SECTRACK |
| microsoft -- edge | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7296. | 2016-12-20 | 7.6 | CVE-2016-7297 MS BID SECTRACK |
| microsoft -- word_viewer | Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | 2016-12-20 | 9.3 | CVE-2016-7298 MS BID SECTRACK |
| nvidia -- gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8813 CONFIRM BID |
| nvidia -- gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8814 CONFIRM BID |
| nvidia -- gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8815 CONFIRM BID |
| nvidia -- gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8816 CONFIRM BID |
| nvidia -- gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the size input to memcpy(), causing a buffer overflow, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8817 CONFIRM BID |
| nvidia -- gpu_driver | All versions of NVIDIA Windows GPU Display contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a pointer passed from a user to the driver is used without validation, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8818 CONFIRM BID |
| nvidia -- gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8819 CONFIRM BID |
| nvidia -- gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8821 CONFIRM BID |
| nvidia -- gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000E, 0x600000F, and 0x6000010 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8822 CONFIRM BID |
| nvidia -- gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where the size of an input buffer is not validated leading to a denial of service or possible escalation of privileges | 2016-12-16 | 7.2 | CVE-2016-8823 CONFIRM BID MISC |
| nvidia -- gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where improper access controls allow a regular user to write a part of the registry intended for privileged users only, leading to escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8824 CONFIRM BID |
| nvidia -- gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. | 2016-12-16 | 7.2 | CVE-2016-8825 CONFIRM BID |
| samsung -- samsung_mobile | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7119. | 2016-12-16 | 10.0 | CVE-2016-9965 CONFIRM BID |
| samsung -- samsung_mobile | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7120. | 2016-12-16 | 10.0 | CVE-2016-9966 CONFIRM BID |
| samsung -- samsung_mobile | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7121. | 2016-12-16 | 10.0 | CVE-2016-9967 CONFIRM BID |
| siemens -- simatic_s7-300_cpu_firmware | A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions including V3.2.12) and SIMATIC S7-400 PN CPUs (V6 and V7) could allow a remote attacker to cause a Denial of Service condition by sending specially crafted packets to port 80/TCP. | 2016-12-16 | 7.8 | CVE-2016-9158 BID CONFIRM MISC |
| technicolor -- xfinity_gateway_router_dpc3941t_firmware | CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router. | 2016-12-16 | 7.9 | CVE-2016-7454 BID MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apport_project -- apport | An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK. | 2016-12-16 | 4.3 | CVE-2016-9951 BID MISC MISC MISC |
| bmc -- remedy_action_request_system | Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password. | 2016-12-21 | 5.0 | CVE-2016-2349 BID CONFIRM |
| bottlepy -- bottle | redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. | 2016-12-16 | 4.3 | CVE-2016-9964 BID CONFIRM CONFIRM |
| debian -- debian_linux | An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key. | 2016-12-16 | 5.0 | CVE-2013-1430 BID CONFIRM CONFIRM |
| ffmpeg -- ffmpeg | The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. | 2016-12-23 | 6.8 | CVE-2016-6671 MLIST BID |
| ffmpeg -- ffmpeg | The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. | 2016-12-23 | 4.3 | CVE-2016-6881 MLIST BID |
| ffmpeg -- ffmpeg | The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure. | 2016-12-23 | 4.3 | CVE-2016-7122 MLIST BID |
| ffmpeg -- ffmpeg | The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. | 2016-12-23 | 6.8 | CVE-2016-7450 MLIST BID |
| ffmpeg -- ffmpeg | The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode. | 2016-12-23 | 6.8 | CVE-2016-7502 MLIST BID |
| ffmpeg -- ffmpeg | The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. | 2016-12-23 | 4.3 | CVE-2016-7555 MLIST BID |
| ffmpeg -- ffmpeg | The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. | 2016-12-23 | 4.3 | CVE-2016-7562 MLIST BID |
| ffmpeg -- ffmpeg | The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | 2016-12-23 | 4.3 | CVE-2016-7785 MLIST BID |
| ffmpeg -- ffmpeg | The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. | 2016-12-23 | 4.3 | CVE-2016-7905 MLIST BID |
| ffmpeg -- ffmpeg | The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | 2016-12-23 | 4.3 | CVE-2016-8595 MLIST BID |
| ffmpeg -- ffmpeg | The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. | 2016-12-23 | 4.3 | CVE-2016-9561 MLIST BID |
| google -- chrome | Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages. | 2016-12-17 | 4.3 | CVE-2016-5181 BID CONFIRM CONFIRM CONFIRM |
| google -- chrome | Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages. | 2016-12-17 | 6.8 | CVE-2016-5182 BID CONFIRM CONFIRM |
| google -- chrome | A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files. | 2016-12-17 | 6.8 | CVE-2016-5183 BID CONFIRM CONFIRM CONFIRM |
| google -- chrome | PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files. | 2016-12-17 | 6.8 | CVE-2016-5184 BID CONFIRM CONFIRM |
| google -- chrome | Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. | 2016-12-17 | 6.8 | CVE-2016-5185 BID CONFIRM CONFIRM |
| google -- chrome | Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files. | 2016-12-17 | 6.8 | CVE-2016-5186 BID CONFIRM CONFIRM |
| google -- chrome | Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | 2016-12-17 | 4.3 | CVE-2016-5187 BID CONFIRM CONFIRM |
| google -- chrome | Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages. | 2016-12-17 | 4.3 | CVE-2016-5188 BID CONFIRM CONFIRM |
| google -- chrome | Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | 2016-12-17 | 4.3 | CVE-2016-5189 BID CONFIRM CONFIRM |
| google -- chrome | Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. | 2016-12-17 | 6.8 | CVE-2016-5190 BID CONFIRM CONFIRM |
| google -- chrome | Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL. | 2016-12-17 | 4.3 | CVE-2016-5191 BID CONFIRM CONFIRM CONFIRM |
| google -- chrome | Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. | 2016-12-17 | 4.3 | CVE-2016-5192 BID CONFIRM CONFIRM |
| google -- chrome | Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages. | 2016-12-17 | 4.3 | CVE-2016-5193 BID CONFIRM CONFIRM |
| google -- android | The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. The vulnerable system app gives a non-existent app the ability to read the notifications from the device, which a third-party app can utilize if it uses a package name of com.samsung.android.app.portalservicewidget. This vulnerability allows an unprivileged third-party app to obtain the text of the user's notifications, which tend to contain personal data. | 2016-12-23 | 4.3 | CVE-2016-6910 MISC |
| horde -- groupware | Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute. | 2016-12-20 | 4.3 | CVE-2016-5303 MLIST MLIST BID CONFIRM CONFIRM |
| image-info_project -- image-info_for_perl | perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure. | 2016-12-22 | 5.8 | CVE-2016-9181 MLIST BID miscellaneous |
| joomla -- joomla! | An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request. | 2016-12-16 | 5.0 | CVE-2016-9837 BID CONFIRM |
| joomla -- joomla! | An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task. | 2016-12-16 | 5.0 | CVE-2016-9838 BID CONFIRM |
| lynx -- lynx | lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. | 2016-12-22 | 5.0 | CVE-2016-9179 MLIST BID |
| microsoft -- edge | Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280. | 2016-12-20 | 4.3 | CVE-2016-7206 MS BID SECTRACK |
| microsoft -- windows_server_2008 | The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability." | 2016-12-20 | 4.3 | CVE-2016-7257 MS MS BID SECTRACK SECTRACK |
| microsoft -- excel | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability." | 2016-12-20 | 6.8 | CVE-2016-7262 MS BID SECTRACK |
| microsoft -- excel_for_mac | Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." | 2016-12-20 | 5.8 | CVE-2016-7264 MS BID SECTRACK |
| microsoft -- excel | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." | 2016-12-20 | 5.8 | CVE-2016-7265 MS BID SECTRACK |
| microsoft -- excel | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability." | 2016-12-20 | 6.8 | CVE-2016-7266 MS BID SECTRACK |
| microsoft -- excel | Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." | 2016-12-20 | 4.3 | CVE-2016-7267 MS BID SECTRACK |
| microsoft -- word_for_mac | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." | 2016-12-20 | 5.8 | CVE-2016-7268 MS BID SECTRACK |
| microsoft -- .net_framework | The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability." | 2016-12-20 | 5.0 | CVE-2016-7270 MS BID SECTRACK |
| microsoft -- windows_10 | The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a crafted application, aka "Secure Kernel Mode Elevation of Privilege Vulnerability." | 2016-12-20 | 4.6 | CVE-2016-7271 MS BID |
| microsoft -- office | Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." | 2016-12-20 | 5.8 | CVE-2016-7276 MS BID SECTRACK |
| microsoft -- edge | Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7206. | 2016-12-20 | 4.3 | CVE-2016-7280 MS BID SECTRACK |
| microsoft -- internet_explorer | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." | 2016-12-20 | 4.3 | CVE-2016-7282 MS MS BID SECTRACK |
| microsoft -- internet_explorer | Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | 2016-12-20 | 4.3 | CVE-2016-7284 MS BID SECTRACK |
| microsoft -- word_for_mac | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291. | 2016-12-20 | 5.8 | CVE-2016-7290 MS BID SECTRACK |
| microsoft -- word_for_mac | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290. | 2016-12-20 | 5.8 | CVE-2016-7291 MS BID SECTRACK |
| microsoft -- auto_updater_for_mac | Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability." | 2016-12-20 | 4.6 | CVE-2016-7300 MS BID SECTRACK |
| netapp -- snap_creator_framework | NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user. | 2016-12-21 | 5.0 | CVE-2016-7172 BID CONFIRM |
| nvidia -- gpu_driver | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure. | 2016-12-16 | 5.6 | CVE-2016-8820 CONFIRM BID |
| nvidia -- gpu_driver | All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a denial of service. | 2016-12-16 | 4.9 | CVE-2016-8826 CONFIRM BID |
| nvidia -- geforce_experience | NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack. | 2016-12-16 | 5.0 | CVE-2016-8827 CONFIRM BID |
| openjpeg -- openjpeg | openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code. | 2016-12-22 | 6.8 | CVE-2016-9675 MLIST BID |
| pivotal_software -- greenplum | An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have superuser 'gpadmin' access to the system or have been granted GPHDFS protocol permissions in order to create a GPHDFS external table. | 2016-12-16 | 6.5 | CVE-2016-6656 BID CONFIRM |
| pivotal_software -- cloud_foundry_elastic_runtime | An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later. | 2016-12-16 | 5.8 | CVE-2016-6657 BID CONFIRM |
| python-openxml -- python-docx | python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document. | 2016-12-21 | 6.8 | CVE-2016-5851 MLIST MLIST BID CONFIRM |
| redhat -- enterprise_linux_hpc_node | sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. | 2016-12-22 | 4.9 | CVE-2016-7091 BID MLIST REDHAT |
| roundcube -- webmail | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message. | 2016-12-20 | 4.3 | CVE-2016-4552 CONFIRM CONFIRM |
| sap -- solution_manager | Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. | 2016-12-19 | 5.0 | CVE-2016-10005 BID MISC |
| siemens -- desigo_web_module_pxa40-w0_firmware | Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key. | 2016-12-23 | 5.0 | CVE-2016-9154 BID CONFIRM |
| siemens -- simatic_s7-300_cpu_firmware | A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions including V3.2.12) and SIMATIC S7-400 PN CPUs (all versions including V7) could allow a remote attacker to obtain credentials from the PLC if protection-level 2 is configured on the affected devices. | 2016-12-16 | 4.3 | CVE-2016-9159 BID CONFIRM MISC |
| siemens -- simatic_wincc | A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions. | 2016-12-16 | 5.8 | CVE-2016-9160 BID CONFIRM MISC |
| spip -- spip | SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL. | 2016-12-16 | 4.3 | CVE-2016-9997 BID CONFIRM |
| spip -- spip | SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL. | 2016-12-16 | 4.3 | CVE-2016-9998 BID CONFIRM |
| tiki -- tikiwiki_cms/groupware | Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS. | 2016-12-23 | 4.3 | CVE-2016-9889 CONFIRM |
| xmltwig -- xml-twig_for_perl | perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting. | 2016-12-22 | 6.4 | CVE-2016-9180 MLIST BID miscellaneous |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| microsoft -- windows_server_2008 | The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Crypto Driver Information Disclosure Vulnerability." | 2016-12-20 | 2.1 | CVE-2016-7219 MS BID SECTRACK |
| microsoft -- windows_10 | The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information Disclosure Vulnerability." | 2016-12-20 | 2.1 | CVE-2016-7258 MS BID |
| microsoft -- internet_explorer | Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosure Vulnerability." | 2016-12-20 | 2.6 | CVE-2016-7278 MS BID SECTRACK |
| microsoft -- internet_explorer | The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability." | 2016-12-20 | 2.6 | CVE-2016-7281 MS MS BID SECTRACK |
| microsoft -- windows_server_2016 | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information from process memory via a crafted application, aka "Windows Common Log File System Driver Information Disclosure Vulnerability." | 2016-12-20 | 2.1 | CVE-2016-7295 MS BID |
| pivotal_software -- cloud_foundry | Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider. | 2016-12-23 | 2.6 | CVE-2016-6659 CONFIRM |
| rapid7 -- nexpose | In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user's browser context. | 2016-12-20 | 3.5 | CVE-2016-9757 BID CONFIRM |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| fedora_project -- kscreenlocker | Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. | 2016-12-23 | not yet calculated | CVE-2016-2312 FEDORA FEDORA MISC MISC CONFIRM |
| imagemagick_studio -- imagemagick | An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality. | 2016-12-23 | not yet calculated | CVE-2016-8707 MISC |
| kde -- kdesu | A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. | 2016-12-23 | not yet calculated | CVE-2016-7787 SUSE SUSE MLIST BID |
| kde -- kmail | KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed. | 2016-12-23 | not yet calculated | CVE-2016-7968 MLIST BID |
| kde -- kmail | KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled. | 2016-12-23 | not yet calculated | CVE-2016-7967 MLIST BID |
| kde -- kmail | Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content. | 2016-12-23 | not yet calculated | CVE-2016-7966 SUSE DEBIAN MLIST BID FEDORA |
| modx -- revolution | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles. | 2016-12-24 | not yet calculated | CVE-2016-10039 CONFIRM CONFIRM |
| modx -- revolution | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove. | 2016-12-24 | not yet calculated | CVE-2016-10038 CONFIRM CONFIRM |
| modx -- revolution | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist. | 2016-12-24 | not yet calculated | CVE-2016-10037 CONFIRM CONFIRM |
| owasp -- antisamy | In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS. | 2016-12-24 | not yet calculated | CVE-2016-10006 CONFIRM |
| qemu -- chardev_backend_support | Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS. | 2016-12-23 | not yet calculated | CVE-2016-9923 MLIST BID |
| qemu -- cirrus_CLGD_VGA_Emulator | Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. | 2016-12-23 | not yet calculated | CVE-2016-9921 MLIST BID |
| qemu -- USB_EHCI_emulation_support | Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. | 2016-12-23 | not yet calculated | CVE-2016-9911 MLIST BID |
| qemu -- USB_redirector | Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. | 2016-12-23 | not yet calculated | CVE-2016-9907 MLIST BID |
| qemu -- virtio_gpu_device_emulator_support | Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. | 2016-12-23 | not yet calculated | CVE-2016-9912 MLIST BID |
| qemu -- virtio_GPU_device_emulator_support | Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes. | 2016-12-23 | not yet calculated | CVE-2016-9908 MLIST BID |
| tarantool -- msgpuck | An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer, resulting in a denial of service vulnerability. | 2016-12-23 | not yet calculated | CVE-2016-9036 MISC |
| tarantool -- xrow_header_decode_function | An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. This can lead to an out of bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service vulnerability on the server. | 2016-12-23 | not yet calculated | CVE-2016-9037 MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.