Fwd: SB17-051: Vulnerability Summary for the Week of February 13, 2017

RICHARD BARTH w3hwn at comcast.net
Mon Feb 20 20:41:59 CST 2017


-------- Original Message ----------
From: US-CERT <US-CERT at ncas.us-cert.gov>
To: w3hwn at arrl.net
Date: February 20, 2017 at 2:43 PM
Subject: SB17-051: Vulnerability Summary for the Week of February 13, 2017


National Cyber Awareness System:

SB17-051: Vulnerability Summary for the Week of February 13, 2017 https://www.us-cert.gov/ncas/bulletins/SB17-051
02/20/2017 08:28 AM EST

Original release date: February 20, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology http://www.nist.gov (NIST) National Vulnerability Database http://nvd.nist.gov (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security http://www.dhs.gov (DHS) National Cybersecurity and Communications Integration Center https://www.us-cert.gov/nccic (NCCIC) / United States Computer Emergency Readiness Team https://www.us-cert.gov (US-CERT). For modified or updated entries, please visit the NVD http://nvd.nist.gov, which contains historical vulnerability information.

The vulnerabilities are based on the CVE http://cve.mitre.org/ vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System http://nvd.nist.gov/cvss.cfm (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

* High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

* Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

* Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary Vendor -- Product 	Description 	Published 	CVSS Score 	Source & Patch Info
adobe -- campaign 	Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. 	2017-02-15 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2968&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2017-2968 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2968
CONFIRM https://helpx.adobe.com/security/products/campaign/apsb17-03.html
CONFIRM https://helpx.adobe.com/security/products/campaign/apsb17-06.html
adobe -- digital_editions 	Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2973&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2017-2973 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2973
CONFIRM https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html
adobe -- flash_player 	Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2982&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2017-2982 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2982
CONFIRM https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
adobe -- flash_player 	Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2984&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2017-2984 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2984
CONFIRM https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
adobe -- flash_player 	Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2985&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2017-2985 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2985
CONFIRM https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
adobe -- flash_player 	Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2986&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2017-2986 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2986
CONFIRM https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
adobe -- flash_player 	Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2987&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2017-2987 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2987
CONFIRM https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
adobe -- flash_player 	Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2988&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2017-2988 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2988
CONFIRM https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
adobe -- flash_player 	Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2990&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2017-2990 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2990
CONFIRM https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
adobe -- flash_player 	Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2991&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2017-2991 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2991
CONFIRM https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
adobe -- flash_player 	Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2992&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2017-2992 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2992
CONFIRM https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
adobe -- flash_player 	Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2993&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2017-2993 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2993
CONFIRM https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
adobe -- flash_player 	Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2996&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2017-2996 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2996
CONFIRM https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
advantech -- susiaccess 	An issue was discovered in Advantech SUSIAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use. 	2017-02-13 	7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9353&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2016-9353 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9353
BID http://www.securityfocus.com/bid/94631
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04
advantech -- webaccess 	An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files. 	2017-02-13 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5154&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2017-5154 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5154
BID http://www.securityfocus.com/bid/95410
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01
binom3 -- universal_multifunctional_electric_power_quality_meter_firmware 	An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration. 	2017-02-13 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5162&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2017-5162 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5162
BID http://www.securityfocus.com/bid/93028
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A
binom3 -- universal_multifunctional_electric_power_quality_meter_firmware 	An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords. 	2017-02-13 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5167&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2017-5167 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5167
BID http://www.securityfocus.com/bid/93028
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A
dotcms -- dotcms 	An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment. 	2017-02-17 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5344&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2017-5344 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5344
MISC http://dotcms.com/security/SI-39
MISC http://seclists.org/fulldisclosure/2017/Feb/34
MISC https://github.com/xdrr/webapp-exploits/blob/master/vendors/dotcms/2017.01.blind-sqli/dotcms-dump.sh
exponentcms -- exponent_cms 	install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. 	2017-02-13 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7565&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2016-7565 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7565
MLIST http://www.openwall.com/lists/oss-security/2016/09/22/6
CONFIRM https://exponentcms.lighthouseapp.com/projects/61783/changesets/4ae457ff1bf80e8b61286cd125ca794b25564e86
CONFIRM https://github.com/exponentcms/exponent-cms/commit/4ae457ff1bf80e8b61286cd125ca794b25564e86
freebsd -- freebsd 	The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists." 	2017-02-15 	7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-1880&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2016-1880 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1880
SECTRACK http://www.securitytracker.com/id/1034675
FREEBSD https://www.freebsd.org/security/advisories/FreeBSD-SA-16:03.linux.asc
freebsd -- freebsd 	The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call. 	2017-02-15 	7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-1881&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2016-1881 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1881
SECTRACK http://www.securitytracker.com/id/1034676
FREEBSD https://www.freebsd.org/security/advisories/FreeBSD-SA-16:04.linux.asc
freebsd -- freebsd 	The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors. 	2017-02-15 	7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-1883&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2016-1883 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1883
SECTRACK http://www.securitytracker.com/id/1034872
FREEBSD https://www.freebsd.org/security/advisories/FreeBSD-SA-16:10.linux.asc
freebsd -- freebsd 	Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor. 	2017-02-15 	7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-1889&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2016-1889 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1889
SECTRACK http://www.securitytracker.com/id/1037400
FREEBSD https://www.freebsd.org/security/advisories/FreeBSD-SA-16:38.bhyve.asc
honeywell -- xl_web_ii_controller 	An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL. 	2017-02-13 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5143&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2017-5143 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5143
BID http://www.securityfocus.com/bid/95971
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01
ibm -- integration_bus 	IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. 	2017-02-15 	8.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9706&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:C) 	CVE-2016-9706 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9706
CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21997918
ibm -- vios 	IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. 	2017-02-15 	7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6079&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2016-6079 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6079
CONFIRM http://aix.software.ibm.com/aix/efixes/security/lquerylv_advisory.asc
BID http://www.securityfocus.com/bid/94090
ibm -- vios 	IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. 	2017-02-15 	7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8972&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2016-8972 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8972
CONFIRM http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc
BID http://www.securityfocus.com/bid/94979
lynxspring -- jenesys_bas_bridge 	An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication. 	2017-02-13 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8361&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2016-8361 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8361
BID http://www.securityfocus.com/bid/94344
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01
moxa -- dacenter 	An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption. 	2017-02-13 	7.1 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9354&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:C) 	CVE-2016-9354 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9354
BID http://www.securityfocus.com/bid/94891
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02
moxa -- nport_5100_series_firmware 	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating. 	2017-02-13 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9361&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2016-9361 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9361
BID http://www.securityfocus.com/bid/85965
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02
moxa -- nport_5100_series_firmware 	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Buffer overflow vulnerability may allow an unauthenticated attacker to remotely execute arbitrary code. 	2017-02-13 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9363&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2016-9363 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9363
BID http://www.securityfocus.com/bid/85965
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02
moxa -- nport_5100_series_firmware 	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. The amount of resources requested by a malicious actor is not restricted, leading to a denial-of-service caused by resource exhaustion. 	2017-02-13 	7.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9367&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C) 	CVE-2016-9367 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9367
BID http://www.securityfocus.com/bid/85965
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02
moxa -- nport_5100_series_firmware 	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution. 	2017-02-13 	10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9369&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2016-9369 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9369
BID http://www.securityfocus.com/bid/85965
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02
moxa -- softcms 	An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service condition. 	2017-02-13 	7.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9332&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C) 	CVE-2016-9332 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9332
BID http://www.securityfocus.com/bid/94394
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02
nagios -- nagios 	Nagios 4.2.4 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. 	2017-02-15 	7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10089&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) 	CVE-2016-10089 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10089
MLIST http://www.openwall.com/lists/oss-security/2016/12/30/6
BID http://www.securityfocus.com/bid/95171
schneider-electric -- powerlogic_pm8ecc_firmware 	An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. 	2017-02-13 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5818&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2016-5818 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5818
BID http://www.securityfocus.com/bid/93602
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-292-01
videoinsight -- web_client 	An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. 	2017-02-13 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5151&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2017-5151 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5151
BID http://www.securityfocus.com/bid/95416
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-012-02
vim -- vim 	vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. 	2017-02-10 	7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5953&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2017-5953 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5953
CONFIRM https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
CONFIRM https://groups.google.com/forum/#%21topic/vim_dev/t-3RSdEnrHY
wireshark -- wireshark 	In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. 	2017-02-17 	7.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-6014&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C) 	CVE-2017-6014 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6014
CONFIRM https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416


Medium Vulnerabilities

Primary Vendor -- Product 	Description 	Published 	CVSS Score 	Source & Patch Info
adcon_telemetry -- a850_telemetry_gateway_base_station_firmware 	An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting. 	2017-02-13 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-2274&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2016-2274 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2274
BID http://www.securityfocus.com/bid/94781
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-343-03
adobe -- campaign 	Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability. 	2017-02-15 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2969&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2017-2969 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2969
CONFIRM https://helpx.adobe.com/security/products/campaign/apsb17-03.html
adobe -- digital_editions 	Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2974&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2017-2974 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2974
CONFIRM https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html
adobe -- digital_editions 	Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2975&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2017-2975 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2975
CONFIRM https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html
adobe -- digital_editions 	Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2976&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2017-2976 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2976
CONFIRM https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html
adobe -- digital_editions 	Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2977&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2017-2977 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2977
CONFIRM https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html
adobe -- digital_editions 	Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2978&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2017-2978 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2978
CONFIRM https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html
adobe -- digital_editions 	Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2979&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2017-2979 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2979
CONFIRM https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html
adobe -- digital_editions 	Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2980&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2017-2980 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2980
CONFIRM https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html
adobe -- digital_editions 	Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2981&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2017-2981 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2981
CONFIRM https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html
adobe -- flash_player 	Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2994&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2017-2994 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2994
CONFIRM https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
adobe -- flash_player 	Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution. 	2017-02-15 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2995&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2017-2995 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2995
CONFIRM https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
advantech -- susiaccess 	An issue was discovered in Advantech SUSIAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure. 	2017-02-13 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9349&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2016-9349 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9349
BID http://www.securityfocus.com/bid/94629
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04
advantech -- susiaccess 	An issue was discovered in Advantech SUSIAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file. 	2017-02-13 	6.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9351&vector=(AV:N/AC:M/Au:S/C:P/I:P/A:P) 	CVE-2016-9351 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9351
BID http://www.securityfocus.com/bid/94629
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04
advantech -- webaccess 	An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS). 	2017-02-13 	6.4 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5152&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 	CVE-2017-5152 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5152
BID http://www.securityfocus.com/bid/95410
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01
artifex -- mupdf 	The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file. 	2017-02-15 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8674&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 	CVE-2016-8674 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8674
CONFIRM http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/8
BID http://www.securityfocus.com/bid/93127
MISC https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c/
CONFIRM https://bugs.ghostscript.com/show_bug.cgi?id=697015
CONFIRM https://bugs.ghostscript.com/show_bug.cgi?id=697019
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1385685
artifex -- mupdf 	Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image. 	2017-02-15 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5896&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 	CVE-2017-5896 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5896
CONFIRM http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
MLIST http://www.openwall.com/lists/oss-security/2017/02/06/3
MLIST http://www.openwall.com/lists/oss-security/2017/02/07/1
BID http://www.securityfocus.com/bid/96139
CONFIRM https://bugs.ghostscript.com/show_bug.cgi?id=697515
autotrace_project -- autotrace 	Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file. 	2017-02-15 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7392&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 	CVE-2016-7392 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7392
MLIST http://www.openwall.com/lists/oss-security/2016/09/10/3
MLIST http://www.openwall.com/lists/oss-security/2016/09/12/7
BID http://www.securityfocus.com/bid/92907
MISC https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1375255
binom3 -- universal_multifunctional_electric_power_quality_meter_firmware 	An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary script code in another user's browser session (CROSS-SITE SCRIPTING). 	2017-02-13 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5164&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2017-5164 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5164
BID http://www.securityfocus.com/bid/93028
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A
binom3 -- universal_multifunctional_electric_power_quality_meter_firmware 	An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. 	2017-02-13 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5165&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2017-5165 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5165
BID http://www.securityfocus.com/bid/93028
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A
binom3 -- universal_multifunctional_electric_power_quality_meter_firmware 	An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device. 	2017-02-13 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5166&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2017-5166 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5166
BID http://www.securityfocus.com/bid/93028
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A
bubblewrap_project -- bubblewrap 	Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket. 	2017-02-13 	6.9 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8659&vector=(AV:L/AC:M/Au:N/C:C/I:C/A:C) 	CVE-2016-8659 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8659
MLIST http://www.openwall.com/lists/oss-security/2016/10/12/5
MLIST http://www.openwall.com/lists/oss-security/2016/10/13/4
BID http://www.securityfocus.com/bid/93542
CONFIRM https://github.com/projectatomic/bubblewrap/issues/107
fatek -- automation_pm_designer 	An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or to execute arbitrary code, because of Improper Restriction of Operations within the Bounds of a Memory Buffer. 	2017-02-13 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5796&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2016-5796 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5796
BID http://www.securityfocus.com/bid/93105
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06
fatek -- automation_pm_designer 	An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. By sending additional valid packets, an attacker could trigger a stack-based buffer overflow and cause a crash. Also, a malicious attacker can trigger a remote buffer overflow on the Fatek Communication Server. 	2017-02-13 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5798&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2016-5798 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5798
BID http://www.securityfocus.com/bid/93105
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06
fedoraproject -- fedora 	slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. 	2017-02-15 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6866&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2016-6866 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6866
CONFIRM http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29
MISC http://s1m0n.dft-labs.eu/files/slock/slock.txt
MLIST http://www.openwall.com/lists/oss-security/2016/08/18/22
MLIST http://www.openwall.com/lists/oss-security/2016/08/18/24
BID http://www.securityfocus.com/bid/92546
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FYPV6QQPPYBL3Z2BYNYEJB67FSC55OR/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZPEJQNVODYSI4WQXM5GQKXRO7TPK2VG/
fedoraproject -- fedora 	regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. 	2017-02-16 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5357&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2017-5357 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5357
MLIST http://www.openwall.com/lists/oss-security/2017/01/12/5
MLIST http://www.openwall.com/lists/oss-security/2017/01/12/6
MLIST http://www.openwall.com/lists/oss-security/2017/01/12/7
MLIST http://www.openwall.com/lists/oss-security/2017/01/13/3
BID http://www.securityfocus.com/bid/95422
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVH54XNZ77ICNBJTPI2DLJYQTA3SYSFC/
MLIST https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html
freebsd -- freebsd 	The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures." 	2017-02-15 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-1888&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N) 	CVE-2016-1888 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1888
SECTRACK http://www.securitytracker.com/id/1037399
FREEBSD https://www.freebsd.org/security/advisories/FreeBSD-SA-16:36.telnetd.asc
gnu -- glibc 	Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. 	2017-02-16 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5417&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2016-5417 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5417
MLIST http://www.openwall.com/lists/oss-security/2016/08/02/5
BID http://www.securityfocus.com/bid/92257
CONFIRM https://sourceware.org/bugzilla/show_bug.cgi?id=19257
CONFIRM https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2212c1420c92a33b0e0bd9a34938c9814a56c0f7
MLIST https://www.sourceware.org/ml/libc-alpha/2016-08/msg00212.html
google -- chrome 	Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 	2017-02-17 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5006&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2017-5006 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5006
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/673170
google -- chrome 	Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 	2017-02-17 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5007&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2017-5007 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5007
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/671102
google -- chrome 	Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 	2017-02-17 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5008&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2017-5008 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5008
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/668552
google -- chrome 	WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 	2017-02-17 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5009&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2017-5009 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5009
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/667504
google -- chrome 	Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 	2017-02-17 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5010&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2017-5010 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5010
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/663476
google -- chrome 	Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page. 	2017-02-17 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5011&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) 	CVE-2017-5011 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5011
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/662859
google -- chrome 	A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 	2017-02-17 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5012&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2017-5012 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5012
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/681843
google -- chrome 	Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 	2017-02-17 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5013&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2017-5013 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5013
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/677716
google -- chrome 	Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 	2017-02-17 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5014&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2017-5014 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5014
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/675332
google -- chrome 	Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. 	2017-02-17 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5015&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2017-5015 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5015
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/673971
google -- chrome 	Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page. 	2017-02-17 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5016&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2017-5016 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5016
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/673163
google -- chrome 	A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 	2017-02-17 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5019&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2017-5019 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5019
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/666714
google -- chrome 	Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page. 	2017-02-17 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5020&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2017-5020 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5020
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/668653
google -- chrome 	Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. 	2017-02-17 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5022&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2017-5022 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5022
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/663620
google -- chrome 	Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page. 	2017-02-17 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5023&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 	CVE-2017-5023 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5023
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/651443
google -- chrome 	FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. 	2017-02-17 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5025&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 	CVE-2017-5025 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5025
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/643950
google -- chrome 	Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page. 	2017-02-17 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5026&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2017-5026 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5026
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/634108
google -- chrome 	Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. 	2017-02-17 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5027&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2017-5027 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5027
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/661126
gosa_project -- gosa_plugin 	Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username. 	2017-02-13 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9760&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2014-9760 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9760
MLIST http://www.openwall.com/lists/oss-security/2016/01/15/11
CONFIRM https://github.com/gosa-project/gosa-core/commit/e35b990464a2c2cf64d6833a217ed944876e7732
graphicsmagick -- graphicsmagick 	The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. 	2017-02-15 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8682&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2016-8682 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8682
CONFIRM http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d
SUSE http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html
DEBIAN http://www.debian.org/security/2016/dsa-3746
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/6
BID http://www.securityfocus.com/bid/93597
MISC https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1385583
graphicsmagick -- graphicsmagick 	The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." 	2017-02-15 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8683&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2016-8683 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8683
CONFIRM http://hg.code.sf.net/p/graphicsmagick/code/rev/b9edafd479b9
SUSE http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html
DEBIAN http://www.debian.org/security/2016/dsa-3746
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/7
BID http://www.securityfocus.com/bid/93600
MISC https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-readpcximage-pcx-c/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1385583
graphicsmagick -- graphicsmagick 	The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." 	2017-02-15 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8684&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2016-8684 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8684
CONFIRM http://hg.code.sf.net/p/graphicsmagick/code/rev/c53725cb5449
SUSE http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html
DEBIAN http://www.debian.org/security/2016/dsa-3746
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/15
BID http://www.securityfocus.com/bid/93779
MISC https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1385583
honeywell -- xl_web_ii_controller 	An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. 	2017-02-13 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5139&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2017-5139 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5139
BID http://www.securityfocus.com/bid/95971
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01
honeywell -- xl_web_ii_controller 	An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text. 	2017-02-13 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5140&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2017-5140 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5140
BID http://www.securityfocus.com/bid/95971
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01
honeywell -- xl_web_ii_controller 	An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION). 	2017-02-13 	6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5141&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) 	CVE-2017-5141 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5141
BID http://www.securityfocus.com/bid/95971
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01
honeywell -- xl_web_ii_controller 	An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management. 	2017-02-13 	6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5142&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) 	CVE-2017-5142 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5142
BID http://www.securityfocus.com/bid/95971
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01
ibm -- aix 	IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234. 	2017-02-15 	4.9 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8944&vector=(AV:L/AC:L/Au:N/C:N/I:N/A:C) 	CVE-2016-8944 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8944
CONFIRM http://aix.software.ibm.com/aix/efixes/security/sysproc_advisory.asc
BID http://www.securityfocus.com/bid/95888
ibm -- cognos_disclosure_management 	IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584. 	2017-02-15 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6077&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2016-6077 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6077
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21991584
BID http://www.securityfocus.com/bid/93829
ibm -- integration_bus 	IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906. 	2017-02-15 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9010&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2016-9010 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9010
CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21997906
ibm -- rational_requirements_composer 	An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547. 	2017-02-15 	4.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6060&vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N) 	CVE-2016-6060 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6060
CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21995547
kabona_ab -- webdatorcentral 	An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities. 	2017-02-13 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8356&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2016-8356 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8356
BID http://www.securityfocus.com/bid/93547
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07
kabona_ab -- webdatorcentral 	An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. This non-validated redirect/non-validated forward (OPEN REDIRECT) allows chaining with authenticated vulnerabilities. 	2017-02-13 	5.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8376&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 	CVE-2016-8376 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8376
BID http://www.securityfocus.com/bid/93547
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07
libav -- libav 	Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing. 	2017-02-15 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6832&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 	CVE-2016-6832 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6832
MLIST http://www.openwall.com/lists/oss-security/2016/08/13/1
MLIST http://www.openwall.com/lists/oss-security/2016/08/18/1
MISC https://blogs.gentoo.org/ago/2016/08/07/libav-heap-based-buffer-overflow-in-ff_audio_resample-resample-c/
CONFIRM https://bugzilla.libav.org/show_bug.cgi?id=825
CONFIRM https://git.libav.org/?p=libav.git;a=commit;h=0ac8ff618c5e6d878c547a8877e714ed728950ce
libav -- libav 	Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 	2017-02-15 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7393&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 	CVE-2016-7393 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7393
MLIST http://www.openwall.com/lists/oss-security/2016/09/10/5
BID http://www.securityfocus.com/bid/92902
MISC https://blogs.gentoo.org/ago/2016/08/20/libav-stack-based-buffer-overflow-in-aac_sync-aac_parser-c/
CONFIRM https://git.libav.org/?p=libav.git;a=commit;h=fb1473080223a634b8ac2cca48a632d037a0a69d
libav -- libav 	The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file. NOTE: this issue was originally reported as involving a NULL pointer dereference. 	2017-02-15 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7477&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 	CVE-2016-7477 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7477
MLIST http://www.openwall.com/lists/oss-security/2016/09/21/6
BID http://www.securityfocus.com/bid/93042
MISC https://blogs.gentoo.org/ago/2016/09/20/libav-null-pointer-dereference-in-ff_put_pixels8_xy2_mmx-rnd_template-c/
libav -- libav 	The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file. 	2017-02-15 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7499&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 	CVE-2016-7499 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7499
MLIST http://www.openwall.com/lists/oss-security/2016/09/21/9
BID http://www.securityfocus.com/bid/93102
MISC https://blogs.gentoo.org/ago/2016/09/21/libav-divide-by-zero-in-sbr_make_f_master-aacsbr-c/
CONFIRM https://git.libav.org/?p=libav.git;a=blobdiff;f=libavcodec/aacsbr.c;h=7d156e525b40b197c38db17acf16730845b91e56;hp=dbfb1677813ce6c531e4362d0be7ccf9fdfdd28e;hb=a50a5ff29ec5a8243499769e2bb9b5509ce9fd52;hpb=f55e3ff5891daf3d538b4d9176371960200d68fa
libav -- libav 	The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection. 	2017-02-15 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8675&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 	CVE-2016-8675 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8675
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/13
BID http://www.securityfocus.com/bid/93468
MISC https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
CONFIRM https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860
libav -- libav 	The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file. NOTE: this issue exists due to an incomplete fix for CVE-2016-8675. 	2017-02-15 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8676&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 	CVE-2016-8676 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8676
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/13
MLIST http://www.openwall.com/lists/oss-security/2016/12/04/3
BID http://www.securityfocus.com/bid/93468
MISC https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
MISC https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/
libdwarf_project -- libdwarf 	libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file. 	2017-02-13 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-8750&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 	CVE-2015-8750 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8750
MLIST http://www.openwall.com/lists/oss-security/2016/01/07/11
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1294264
CONFIRM https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697
libming -- libming 	The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file. 	2017-02-16 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9827&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 	CVE-2016-9827 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9827
MLIST http://www.openwall.com/lists/oss-security/2016/12/01/7
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/2
BID http://www.securityfocus.com/bid/95086
MISC https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-_iprintf-outputtxt-c/
libming -- libming 	The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file. 	2017-02-16 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9828&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 	CVE-2016-9828 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9828
MLIST http://www.openwall.com/lists/oss-security/2016/12/01/8
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/3
BID http://www.securityfocus.com/bid/94627
MISC https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c/
libming -- libming 	Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. 	2017-02-16 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9829&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2016-9829 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9829
MLIST http://www.openwall.com/lists/oss-security/2016/12/01/5
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/4
BID http://www.securityfocus.com/bid/95133
MISC https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c/
libming -- libming 	Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. 	2017-02-16 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9831&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2016-9831 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9831
MLIST http://www.openwall.com/lists/oss-security/2016/12/01/6
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/6
BID http://www.securityfocus.com/bid/94767
MISC https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c/
linux -- linux_kernel 	The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. 	2017-02-14 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5970&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2017-5970 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5970
CONFIRM http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b2cef20f19c87999fff3da4071e66937db9644
MLIST http://www.openwall.com/lists/oss-security/2017/02/12/3
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1421638
CONFIRM https://github.com/torvalds/linux/commit/34b2cef20f19c87999fff3da4071e66937db9644
CONFIRM https://patchwork.ozlabs.org/patch/724136/
lynxspring -- jenesys_bas_bridge 	An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application. 	2017-02-13 	5.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8357&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:N) 	CVE-2016-8357 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8357
BID http://www.securityfocus.com/bid/94344
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01
lynxspring -- jenesys_bas_bridge 	An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY). 	2017-02-13 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8369&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2016-8369 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8369
BID http://www.securityfocus.com/bid/94344
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01
lynxspring -- jenesys_bas_bridge 	An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials. 	2017-02-13 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8378&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2016-8378 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8378
BID http://www.securityfocus.com/bid/94344
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01
mariadb -- mariadb 	Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. 	2017-02-11 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-3302&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2017-3302 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3302
MISC http://www.openwall.com/lists/oss-security/2017/02/11/11
moxa -- dacenter 	An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue. 	2017-02-13 	4.6 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9356&vector=(AV:L/AC:L/Au:N/C:P/I:P/A:P) 	CVE-2016-9356 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9356
BID http://www.securityfocus.com/bid/94891
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02
moxa -- nport_5100_series_firmware 	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Requests are not verified to be intentionally submitted by the proper user (CROSS-SITE REQUEST FORGERY). 	2017-02-13 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9365&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2016-9365 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9365
BID http://www.securityfocus.com/bid/85965
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02
moxa -- nport_5100_series_firmware 	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication. 	2017-02-13 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9366&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2016-9366 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9366
BID http://www.securityfocus.com/bid/85965
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02
moxa -- nport_5100_series_firmware 	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. User-controlled input is not neutralized before being output to web page (CROSS-SITE SCRIPTING). 	2017-02-13 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9371&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2016-9371 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9371
BID http://www.securityfocus.com/bid/85965
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02
moxa -- softcms 	An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code. 	2017-02-13 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8360&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2016-8360 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8360
BID http://www.securityfocus.com/bid/94394
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02
moxa -- softcms 	An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION). 	2017-02-13 	6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9333&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) 	CVE-2016-9333 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9333
BID http://www.securityfocus.com/bid/94394
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02
nitro_software -- nitro_pro 	A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. 	2017-02-10 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8709&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2016-8709 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8709
MISC http://www.talosintelligence.com/reports/TALOS-2016-0218/
nitro_software -- nitro_pro 	A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability. 	2017-02-10 	6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8711&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 	CVE-2016-8711 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8711
MISC http://www.talosintelligence.com/reports/TALOS-2016-0224/
omnimetrix -- omniview 	An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials with the HTTP protocol, which could be sniffed by an attacker that may result in the compromise of account credentials. 	2017-02-13 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5786&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2016-5786 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5786
BID http://www.securityfocus.com/bid/94937
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-350-02
omnimetrix -- omniview 	An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements for the OmniView web application may allow an attacker to gain access by brute forcing account passwords. 	2017-02-13 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5801&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2016-5801 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5801
BID http://www.securityfocus.com/bid/94937
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-350-02
opensuse_project -- leap 	Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. 	2017-02-15 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8687&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2016-8687 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8687
SUSE http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.html
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/11
BID http://www.securityfocus.com/bid/93781
MISC https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1377926
MISC https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
GENTOO https://security.gentoo.org/glsa/201701-03
opensuse_project -- leap 	The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. 	2017-02-15 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8688&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) 	CVE-2016-8688 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8688
SUSE http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.html
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/11
BID http://www.securityfocus.com/bid/93781
MISC https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-bid_entry-archive_read_support_format_mtree-c/
MISC https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-detect_form-archive_read_support_format_mtree-c/
MISC https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruptionunknown-crash-in-bid_entry-archive_read_support_format_mtree-c/
MISC https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-bid_entry-archive_read_support_format_mtree-c/
MISC https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-detect_form-archive_read_support_format_mtree-c/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1377923
CONFIRM https://github.com/libarchive/libarchive/commit/eec077f52bfa2d3f7103b4b74d52572ba8a15aca
GENTOO https://security.gentoo.org/glsa/201701-03
opensuse_project -- leap 	The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive. 	2017-02-15 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8689&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2016-8689 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8689
SUSE http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.html
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/11
BID http://www.securityfocus.com/bid/93781
MISC https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-read_header-archive_read_support_format_7zip-c/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1377925
CONFIRM https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126
GENTOO https://security.gentoo.org/glsa/201701-03
otrs -- otrs 	Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment. 	2017-02-16 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9139&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2016-9139 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9139
BID http://www.securityfocus.com/bid/94141
CONFIRM https://www.otrs.com/security-advisory-2016-02-security-update-otrs/
python -- openpyxl 	Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. 	2017-02-15 	5.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5992&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:P) 	CVE-2017-5992 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5992
CONFIRM http://www.openwall.com/lists/oss-security/2017/02/07/5
CONFIRM https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1
CONFIRM https://bitbucket.org/openpyxl/openpyxl/issues/749
CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854442
samsung -- samsung_mobile 	Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. 	2017-02-13 	5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-4547&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2016-4547 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4547
CONFIRM http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016
MLIST http://www.openwall.com/lists/oss-security/2016/05/06/2
schneider_electric -- homelynk_controller_lss100100_firmware 	An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code. 	2017-02-13 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5157&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2017-5157 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5157
BID http://www.securityfocus.com/bid/95665
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01
visonic -- powerlink2_firmware 	An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. User controlled input is not neutralized prior to being placed in web page output (CROSS-SITE SCRIPTING). 	2017-02-13 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5811&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2016-5811 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5811
BID http://www.securityfocus.com/bid/94894
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-348-01
wordpress -- mail_plugin 	An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail. 	2017-02-10 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5942&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2017-5942 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5942
MISC https://cjc.im/advisories/0006/
wso2 -- carbon 	Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp. 	2017-02-16 	4.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-4314&vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N) 	CVE-2016-4314 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4314
MISC http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt
MISC http://packetstormsecurity.com/files/138330/WSO2-Carbon-4.4.5-Local-File-Inclusion.html
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/539200/100/0/threaded
BID http://www.securityfocus.com/bid/92473
CONFIRM https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0098
EXPLOIT-DB https://www.exploit-db.com/exploits/40240/
wso2 -- carbon 	Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp. 	2017-02-16 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-4316&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2016-4316 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4316
MISC http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt
MISC http://packetstormsecurity.com/files/138331/WSO2-Carbon-4.4.5-Cross-Site-Scripting.html
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/539201/100/0/threaded
BID http://www.securityfocus.com/bid/92473
EXPLOIT-DB https://www.exploit-db.com/exploits/40241/
wso2 -- enablement_server_for_java 	Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. 	2017-02-16 	4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-4327&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 	CVE-2016-4327 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4327
MISC http://packetstormsecurity.com/files/137073/WSO2-SOA-Enablement-Server-Cross-Site-Scripting.html
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/538413/100/0/threaded
BID http://www.securityfocus.com/bid/85893

Low Vulnerabilities

Primary Vendor -- Product 	Description 	Published 	CVSS Score 	Source & Patch Info
bigtreecms -- bigtree_cms 	An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 	2017-02-14 	3.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10223&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 	CVE-2016-10223 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10223
CONFIRM https://github.com/bigtreecms/BigTree-CMS/blob/master/README.md
CONFIRM https://github.com/bigtreecms/BigTree-CMS/commit/59ebef5978f80e2fdc7b4db4a28b668c5a39fbc3
ibm -- rational_collaborative_lifecycle_management 	IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515. 	2017-02-15 	3.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8968&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 	CVE-2016-8968 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8968
CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21998515
ibm -- websphere_application_server 	IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997743 	2017-02-13 	3.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1121&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 	CVE-2017-1121 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1121
CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21997743
linux -- linux_kernel 	The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. 	2017-02-14 	2.1 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5967&vector=(AV:L/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2017-5967 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5967
CONFIRM http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=dfb4357da6ddbdf57d583ba64361c9d792b0e0b1
MISC https://bugzilla.kernel.org/show_bug.cgi?id=193921
mcafee -- epolicy_orchestrator 	Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation. 	2017-02-13 	3.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-3902&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 	CVE-2017-3902 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3902
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10184
moxa -- nport_5100_series_firmware 	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. A configuration file contains parameters that represent passwords in plaintext. 	2017-02-13 	2.1 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9348&vector=(AV:L/AC:L/Au:N/C:P/I:N/A:N) 	CVE-2016-9348 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9348
BID http://www.securityfocus.com/bid/85965
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02
samsung -- samsung_mobile 	Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call. 	2017-02-13 	2.1 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-4546&vector=(AV:L/AC:L/Au:N/C:N/I:N/A:P) 	CVE-2016-4546 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4546
CONFIRM http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016
MLIST http://www.openwall.com/lists/oss-security/2016/05/06/1
wso2 -- carbon 	Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp. 	2017-02-16 	3.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-4315&vector=(AV:N/AC:M/Au:S/C:N/I:N/A:P) 	CVE-2016-4315 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4315
MISC http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-CSRF-DOS.txt
MISC http://packetstormsecurity.com/files/138332/WSO2-Carbon-4.4.5-Cross-Site-Request-Forgery-Denial-Of-Service.html
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/539202/100/0/threaded
BID http://www.securityfocus.com/bid/92473
CONFIRM https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0101
EXPLOIT-DB https://www.exploit-db.com/exploits/40242/

Severity Not Yet Assigned

Primary Vendor -- Product 	Description 	Published 	CVSS Score 	Source & Patch Info
apache_software_foundation -- apache_tomcat
  	It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu. 	2017-02-17 	not yet calculated 	CVE-2017-6056 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6056
CONFIRM https://bugs.debian.org/851304
CONFIRM https://bz.apache.org/bugzilla/show_bug.cgi?id=60578
CONFIRM https://lists.debian.org/debian-security-announce/2017/msg00038.html
CONFIRM https://lists.debian.org/debian-security-announce/2017/msg00039.html
artifex_software -- mupdf
  	An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. 	2017-02-15 	not yet calculated 	CVE-2017-5991 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5991
CONFIRM http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465
CONFIRM https://bugs.ghostscript.com/show_bug.cgi?id=697500
bd -- alaris
  	An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection. 	2017-02-13 	not yet calculated 	CVE-2016-8375 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8375
BID http://www.securityfocus.com/bid/96113
MISC https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01
MISC https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02
bd -- alaris
  	An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device's flash memory. Older software versions of the Alaris 8015 PC unit, Version 9.5 and prior versions, store wireless network authentication credentials and other sensitive technical data on the affected device's removable flash memory. Being able to remove the flash memory from the affected device reduces the risk of detection, allowing an attacker to extract stored data at the attacker's convenience. 	2017-02-13 	not yet calculated 	CVE-2016-9355 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9355
BID http://www.securityfocus.com/bid/96116
MISC https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02
ca_technologies -- infrastructure_management
  	An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. 	2017-02-13 	not yet calculated 	CVE-2016-5803 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5803
BID http://www.securityfocus.com/bid/94243
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-315-01
carlo_gavazzi -- vmu-c_em
  	An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication. 	2017-02-13 	not yet calculated 	CVE-2017-5144 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5144
BID http://www.securityfocus.com/bid/95411
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03
carlo_gavazzi -- vmu-c_em
  	An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text. 	2017-02-13 	not yet calculated 	CVE-2017-5146 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5146
BID http://www.securityfocus.com/bid/95411
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03
carlo_gavazzi -- vmu-c_em
  	An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. 	2017-02-13 	not yet calculated 	CVE-2017-5145 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5145
BID http://www.securityfocus.com/bid/95411
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03
cisco -- cisco_ucs
  	A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to his/her profile. An exploit could allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants. Cisco Bug IDs: CSCvb64765. 	2017-02-15 	not yet calculated 	CVE-2017-3801 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3801
CONFIRM https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucs
cisco -- jasper
  	The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command. 	2017-02-15 	not yet calculated 	CVE-2016-8692 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8692
DEBIAN http://www.debian.org/security/2017/dsa-3785
MLIST http://www.openwall.com/lists/oss-security/2016/08/23/6
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/14
BID http://www.securityfocus.com/bid/93588
MISC https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1385502
CONFIRM https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/
cisco -- jasper
  	Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. 	2017-02-15 	not yet calculated 	CVE-2016-9560 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9560
MLIST http://www.openwall.com/lists/oss-security/2016/11/20/1
MLIST http://www.openwall.com/lists/oss-security/2016/11/23/5
BID http://www.securityfocus.com/bid/94428
MISC https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c/
CONFIRM https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495
cisco -- jasper
  	Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. 	2017-02-15 	not yet calculated 	CVE-2016-8693 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8693
SUSE http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html
MLIST http://www.openwall.com/lists/oss-security/2016/08/23/6
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/14
BID http://www.securityfocus.com/bid/93587
MISC https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1385507
CONFIRM https://github.com/mdadams/jasper/commit/44a524e367597af58d6265ae2014468b334d0309
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/
cisco -- jasper
  	The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command. 	2017-02-15 	not yet calculated 	CVE-2016-8691 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8691
DEBIAN http://www.debian.org/security/2017/dsa-3785
MLIST http://www.openwall.com/lists/oss-security/2016/08/23/6
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/14
BID http://www.securityfocus.com/bid/93593
MISC https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1385502
CONFIRM https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/
cisco -- jasper
  	The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command. 	2017-02-15 	not yet calculated 	CVE-2016-8690 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8690
MLIST http://www.openwall.com/lists/oss-security/2016/08/23/6
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/14
BID http://www.securityfocus.com/bid/93590
MISC https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1385499
CONFIRM https://github.com/mdadams/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/
crypto++ -- crypto++
  	The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks. 	2017-02-13 	not yet calculated 	CVE-2016-3995 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3995
MLIST http://www.openwall.com/lists/oss-security/2016/04/11/2
BID http://www.securityfocus.com/bid/85975
CONFIRM https://github.com/weidai11/cryptopp/issues/146
delta_electronics -- delta-electronics
  	An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software. 	2017-02-13 	not yet calculated 	CVE-2016-5802 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5802
BID http://www.securityfocus.com/bid/94887
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-348-03
delta_electronics -- delta-electronics
  	An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. 	2017-02-13 	not yet calculated 	CVE-2016-5805 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5805
BID http://www.securityfocus.com/bid/94887
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-348-03
dovecot -- dovecot
  	The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows remote attackers to cause a denial of service (crash) by aborting authentication without setting a username. 	2017-02-16 	not yet calculated 	CVE-2016-8652 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8652
MLIST http://dovecot.org/pipermail/dovecot-news/2016-December/000333.html
MLIST http://www.openwall.com/lists/oss-security/2016/12/02/4
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/12
BID http://www.securityfocus.com/bid/94639
eaton -- epdu
  	An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal). 	2017-02-13 	not yet calculated 	CVE-2016-9357 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9357
BID http://www.securityfocus.com/bid/95817
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-026-01
ecommerce_shopsoftware -- ecommerce_shopsoftware
  	Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php. 	2017-02-15 	not yet calculated 	CVE-2016-3694 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3694
MISC http://packetstormsecurity.com/files/136734/modified-eCommerce-2.0.0.0-Rev-9678-SQL-Injection.html
EXPLOIT-DB https://www.exploit-db.com/exploits/39710/
emerson -- deltav
  	An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system. 	2017-02-13 	not yet calculated 	CVE-2016-9345 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9345
BID http://www.securityfocus.com/bid/94584
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02
emerson -- emerson
  	An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily. 	2017-02-13 	not yet calculated 	CVE-2016-9347 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9347
BID http://www.securityfocus.com/bid/94586
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03
emerson -- liebert_sitescan
  	An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. 	2017-02-13 	not yet calculated 	CVE-2016-8348 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8348
BID http://www.securityfocus.com/bid/94587
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-334-01
eparaksts -- eparaksts
  	XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file. 	2017-02-17 	not yet calculated 	CVE-2017-6055 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6055
MISC https://cert.lv/lv/2017/02/iznakusas-nedelas-zinas-par-drosibas-incidentiem-nr-4-2017
MISC https://www.eparaksts.lv/en/Assistance/downloads/eparakstitajs-3-0/previous-versions-of-eparakstitajs-3-0/
facebook -- hhmv
  	Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. 	2017-02-17 	not yet calculated 	CVE-2016-6873 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6873
MLIST http://www.openwall.com/lists/oss-security/2016/08/11/1
MLIST http://www.openwall.com/lists/oss-security/2016/08/19/1
CONFIRM https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e
facebook -- hhmv
  	Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. 	2017-02-17 	not yet calculated 	CVE-2016-6871 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6871
MLIST http://www.openwall.com/lists/oss-security/2016/08/11/1
MLIST http://www.openwall.com/lists/oss-security/2016/08/19/1
CONFIRM https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475
facebook -- hhmv
  	The array_*_recursive functions in Facebook HHVM before 3.15.0 allow attackers to have unspecified impact via unknown vectors, related to recursion. 	2017-02-17 	not yet calculated 	CVE-2016-6874 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6874
MLIST http://www.openwall.com/lists/oss-security/2016/08/11/1
MLIST http://www.openwall.com/lists/oss-security/2016/08/19/1
CONFIRM https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69
facebook -- hhmv
  	Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. 	2017-02-17 	not yet calculated 	CVE-2016-6875 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6875
MLIST http://www.openwall.com/lists/oss-security/2016/08/11/1
MLIST http://www.openwall.com/lists/oss-security/2016/08/19/1
CONFIRM https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2
facebook -- hhmv
  	Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. 	2017-02-17 	not yet calculated 	CVE-2016-6870 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6870
MLIST http://www.openwall.com/lists/oss-security/2016/08/11/1
MLIST http://www.openwall.com/lists/oss-security/2016/08/19/1
CONFIRM https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2
facebook -- hhmv
  	Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. 	2017-02-17 	not yet calculated 	CVE-2016-6872 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6872
MLIST http://www.openwall.com/lists/oss-security/2016/08/11/1
MLIST http://www.openwall.com/lists/oss-security/2016/08/19/1
CONFIRM https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271
fatek -- winproloader
  	An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution. 	2017-02-13 	not yet calculated 	CVE-2016-8377 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8377
BID http://www.securityfocus.com/bid/94938
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-350-01
fidelix -- fidelix_fx-20
  	An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server. 	2017-02-13 	not yet calculated 	CVE-2016-9364 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9364
BID http://www.securityfocus.com/bid/95073
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-357-01
fortinet -- fortimanager
  	An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows a remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature. 	2017-02-13 	not yet calculated 	CVE-2016-8495 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8495
CONFIRM https://fortiguard.com/advisory/FG-IR-16-055
froxlor -- froxlor
  	Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value. 	2017-02-13 	not yet calculated 	CVE-2016-5100 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5100
CONFIRM https://github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6ba
ge -- proficy_hmi/scada
  	An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. 	2017-02-13 	not yet calculated 	CVE-2016-9360 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9360
BID http://www.securityfocus.com/bid/95630
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A
genixcms -- genixcms
  	SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter. 	2017-02-17 	not yet calculated 	CVE-2017-6065 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6065
MISC https://github.com/semplon/GeniXCMS/issues/71
google -- chrome
  	FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. 	2017-02-17 	not yet calculated 	CVE-2017-5024 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5024
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/643951
google -- chrome
  	Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. 	2017-02-17 	not yet calculated 	CVE-2017-5018 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5018
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/668665
google -- chrome
  	Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page. 	2017-02-17 	not yet calculated 	CVE-2017-5017 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5017
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/676975
google -- chrome
  	A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 	2017-02-17 	not yet calculated 	CVE-2017-5021 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5021
BID http://www.securityfocus.com/bid/95792
CONFIRM https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/663726
gosa -- gosa
  	The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password. 	2017-02-13 	not yet calculated 	CVE-2015-8771 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8771
MLIST http://www.openwall.com/lists/oss-security/2016/01/15/11
CONFIRM https://github.com/gosa-project/gosa-core/commit/a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8
graphicsmagick -- graphicsmagick
  	The AcquireMagickMemory function in MagickCore/memory.c in GraphicsMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. 	2017-02-15 	not yet calculated 	CVE-2016-8862 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8862
DEBIAN http://www.debian.org/security/2016/dsa-3726
MLIST http://www.openwall.com/lists/oss-security/2016/10/20/2
MLIST http://www.openwall.com/lists/oss-security/2016/10/20/3
BID http://www.securityfocus.com/bid/93794
MISC https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1387135
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/271
graphicsmagick -- graphicsmagick
  	The AcquireMagickMemory function in MagickCore/memory.c in GraphicsMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862. 	2017-02-15 	not yet calculated 	CVE-2016-8866 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8866
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00085.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html
SUSE http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html
MLIST http://www.openwall.com/lists/oss-security/2016/10/20/3
MLIST http://www.openwall.com/lists/oss-security/2016/10/21/5
MISC https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1388816
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/271
hanwha_techwin -- smart_security_manager
  	An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. 	2017-02-13 	not yet calculated 	CVE-2017-5169 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5169
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01
hanwha_techwin -- smart_security_manager
  	An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. 	2017-02-13 	not yet calculated 	CVE-2017-5168 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5168
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01
hirschmann -- geko_lite_managed_switch
  	An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal. 	2017-02-13 	not yet calculated 	CVE-2017-5163 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5163
BID http://www.securityfocus.com/bid/95815
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02
honeywell -- experion_pks_platform
  	An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. 	2017-02-13 	not yet calculated 	CVE-2016-8344 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8344
BID http://www.securityfocus.com/bid/93950
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-301-01
ibhsoftec -- softplc
  	An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available, a Heap-based Buffer Overflow. 	2017-02-13 	not yet calculated 	CVE-2016-8364 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8364
BID http://www.securityfocus.com/bid/94054
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-306-02
ibm -- resilient
  	IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference#: 213457065. 	2017-02-16 	not yet calculated 	CVE-2016-6062 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6062
BID http://www.securityfocus.com/bid/94268
CONFIRM https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-resilient-cross-site-scripting-vulnerability-cve-2016-6062/
ibm -- security_access_manager
  	IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868. 	2017-02-16 	not yet calculated 	CVE-2016-5919 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5919
CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21996868
ibm -- tivoli
  	IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995545. 	2017-02-15 	not yet calculated 	CVE-2016-6033 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6033
CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21995545
BID http://www.securityfocus.com/bid/95102
ibm -- websphere
  	IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457. 	2017-02-15 	not yet calculated 	CVE-2016-0360 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0360
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21983457
BID http://www.securityfocus.com/bid/95317
icoutils -- icoutils
  	An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool. 	2017-02-16 	not yet calculated 	CVE-2017-6009 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6009
MISC https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050
icoutils -- icoutils
  	An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash. 	2017-02-16 	not yet calculated 	CVE-2017-6010 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6010
MISC https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054
icoutils -- icoutils
  	An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool. 	2017-02-16 	not yet calculated 	CVE-2017-6011 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6011
MISC https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054
ikiwiki -- ikiwiki
  	ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made. 	2017-02-13 	not yet calculated 	CVE-2016-10026 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10026
CONFIRM http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/
MLIST http://www.openwall.com/lists/oss-security/2016/12/21/3
MLIST http://www.openwall.com/lists/oss-security/2016/12/29/3
CONFIRM https://ikiwiki.info/security/#index46h2
imagemagick -- imagemagick
  	Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556. 	2017-02-16 	not yet calculated 	CVE-2016-9773 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9773
MLIST http://www.openwall.com/lists/oss-security/2016/12/01/4
MLIST http://www.openwall.com/lists/oss-security/2016/12/02/11
MLIST http://www.openwall.com/lists/oss-security/2016/12/02/12
MISC https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/
imagemagick -- imagemagick
  	The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64." 	2017-02-15 	not yet calculated 	CVE-2016-8678 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8678
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/2
MLIST http://www.openwall.com/lists/oss-security/2016/12/08/18
BID http://www.securityfocus.com/bid/93599
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1385694
MISC https://github.com/ImageMagick/ImageMagick/issues/272
imagemagick -- imagemagick
  	The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. 	2017-02-15 	not yet calculated 	CVE-2016-8677 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8677
SUSE http://lists.opensuse.org/opensuse-updates/2016-10/msg00107.html
DEBIAN http://www.debian.org/security/2016/dsa-3726
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/1
BID http://www.securityfocus.com/bid/93598
MISC https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1385698
CONFIRM https://github.com/ImageMagick/ImageMagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/268
integraxor -- ecava
  	An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands. 	2017-02-13 	not yet calculated 	CVE-2016-8341 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8341
BID http://www.securityfocus.com/bid/95907
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02
interschalt -- vdr
  	An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal. 	2017-02-13 	not yet calculated 	CVE-2016-9339 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9339
BID http://www.securityfocus.com/bid/94776
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-343-04
kabona -- webdatorcentral
  	An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method. 	2017-02-13 	not yet calculated 	CVE-2016-8347 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8347
BID http://www.securityfocus.com/bid/93547
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07
libdwarf -- libdwarf
  	The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 	2017-02-17 	not yet calculated 	CVE-2016-5035 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5035
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://www.prevanders.net/dwarfbug.html
libdwarf -- libdwarf
  	The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 	2017-02-17 	not yet calculated 	CVE-2016-5033 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5033
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://www.prevanders.net/dwarfbug.html
libdwarf -- libdwarf
  	The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. 	2017-02-17 	not yet calculated 	CVE-2016-5030 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5030
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://www.prevanders.net/dwarfbug.html
libdwarf -- libdwarf
  	The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section. 	2017-02-17 	not yet calculated 	CVE-2016-5044 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5044
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://www.prevanders.net/dwarfbug.html
libdwarf -- libdwarf
  	dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records. 	2017-02-17 	not yet calculated 	CVE-2016-5034 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5034
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://www.prevanders.net/dwarfbug.html
libdwarf -- libdwarf
  	The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file. 	2017-02-17 	not yet calculated 	CVE-2016-5032 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5032
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://www.prevanders.net/dwarfbug.html
libdwarf -- libdwarf
  	The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 	2017-02-17 	not yet calculated 	CVE-2016-5031 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5031
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://www.prevanders.net/dwarfbug.html
libdwarf -- libdwarf
  	The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. 	2017-02-17 	not yet calculated 	CVE-2016-5037 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5037
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://www.prevanders.net/dwarfbug.html
libdwarf -- libdwarf
  	The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data. 	2017-02-17 	not yet calculated 	CVE-2016-5036 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5036
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://www.prevanders.net/dwarfbug.html
libdwarf -- libdwarf
  	The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input. 	2017-02-17 	not yet calculated 	CVE-2016-7510 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7510
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1377015
CONFIRM https://sourceforge.net/p/libdwarf/bugs/4/
libdwarf -- libdwarf
  	The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on. 	2017-02-17 	not yet calculated 	CVE-2016-5039 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5039
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://www.prevanders.net/dwarfbug.html
libdwarf -- libdwarf
  	The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted string offset for .debug_str. 	2017-02-17 	not yet calculated 	CVE-2016-5038 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5038
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://www.prevanders.net/dwarfbug.html
libdwarf -- libdwarf
  	Integer overflow in dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file. 	2017-02-17 	not yet calculated 	CVE-2016-7511 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7511
CONFIRM https://sourceforge.net/p/libdwarf/bugs/3/
CONFIRM https://www.prevanders.net/dwarfbug.html#DW201609-002
libdwarf -- libdwarf
  	The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file. 	2017-02-17 	not yet calculated 	CVE-2016-5029 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5029
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://www.prevanders.net/dwarfbug.html
libdwarf -- libdwarf
  	The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section. 	2017-02-17 	not yet calculated 	CVE-2016-5043 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5043
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://www.prevanders.net/dwarfbug.html
libdwarf -- libdwarf
  	The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. 	2017-02-15 	not yet calculated 	CVE-2016-8679 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8679
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/3
BID http://www.securityfocus.com/bid/93601
MISC https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_size_of_val-dwarf_util-c/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1385689
libdwarf -- libdwarf
  	The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections. 	2017-02-17 	not yet calculated 	CVE-2016-5028 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5028
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://www.prevanders.net/dwarfbug.html
libdwarf -- libdwarf
  	The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. 	2017-02-15 	not yet calculated 	CVE-2016-8680 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8680
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/4
BID http://www.securityfocus.com/bid/93595
MISC https://blogs.gentoo.org/ago/2016/10/04/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1385686
CONFIRM https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2
libdwarf -- libdwarf
  	libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header. 	2017-02-17 	not yet calculated 	CVE-2016-5040 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5040
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://www.prevanders.net/dwarfbug.html
libdwarf -- libdwarf
  	The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. 	2017-02-15 	not yet calculated 	CVE-2016-8681 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8681
MLIST http://www.openwall.com/lists/oss-security/2016/10/16/5
BID http://www.securityfocus.com/bid/93592
MISC https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1385690
libdwarf -- libdwarf
  	The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section. 	2017-02-17 	not yet calculated 	CVE-2016-5042 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5042
MLIST http://www.openwall.com/lists/oss-security/2016/05/24/1
MLIST http://www.openwall.com/lists/oss-security/2016/05/25/1
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1332145
CONFIRM https://www.prevanders.net/dwarfbug.html
libjpeg -- libjpeg
  	The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. 	2017-02-13 	not yet calculated 	CVE-2016-3616 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3616
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1318509
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1319661
libtomcrypt -- libtomcrypt
  	The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack. 	2017-02-13 	not yet calculated 	CVE-2016-6129 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6129
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1370955
CONFIRM https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0
CONFIRM https://www.op-tee.org/advisories/
linux -- linux_kernel
  	The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. 	2017-02-14 	not yet calculated 	CVE-2017-5972 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5972
MISC https://cxsecurity.com/issue/WLB-2017020112
MISC https://githubengineering.com/syn-flood-mitigation-with-synsanity/
linux -- linux_kernel
  	Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786. 	2017-02-18 	not yet calculated 	CVE-2017-6001 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6001
CONFIRM http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=321027c1fe77f892f4ea07846aeae08cefbbb290
CONFIRM http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7
MLIST http://www.openwall.com/lists/oss-security/2017/02/16/1
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1422825
CONFIRM https://github.com/torvalds/linux/commit/321027c1fe77f892f4ea07846aeae08cefbbb290
linux -- linux_kernel
  	Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. 	2017-02-18 	not yet calculated 	CVE-2017-5986 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5986
CONFIRM http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90
CONFIRM http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11
MLIST http://www.openwall.com/lists/oss-security/2017/02/14/6
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1420276
CONFIRM https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90
linux -- linux_kernel
  	The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that makes an IPV6_RECVPKTINFO setsockopt system call. 	2017-02-18 	not yet calculated 	CVE-2017-6074 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6074
CONFIRM https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
locus_energy -- l_gate
  	An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request. 	2017-02-13 	not yet calculated 	CVE-2016-5782 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5782
BID http://www.securityfocus.com/bid/94698
BID http://www.securityfocus.com/bid/94782
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0
mantisbt -- mantisbt
  	MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. 	2017-02-17 	not yet calculated 	CVE-2016-7111 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7111
MLIST http://www.openwall.com/lists/oss-security/2016/08/28/1
MLIST http://www.openwall.com/lists/oss-security/2016/08/29/2
CONFIRM https://github.com/mantisbt/mantisbt/commit/b3511d2f
CONFIRM https://mantisbt.org/bugs/view.php?id=21263
mantisbt -- mantisbt
  	Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. 	2017-02-17 	not yet calculated 	CVE-2016-5364 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5364
MLIST http://www.openwall.com/lists/oss-security/2016/06/11/5
CONFIRM https://github.com/mantisbt/mantisbt/commit/11ab3d6c82a1d3a89b1024f77349fb60a83743c5
CONFIRM https://github.com/mantisbt/mantisbt/commit/5068df2dcf79c34741c746c9b27e0083f2a374da
CONFIRM https://mantisbt.org/bugs/view.php?id=20956
mcafee -- intel_security_mcafee_agent
  	Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated. 	2017-02-13 	not yet calculated 	CVE-2017-3896 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3896
BID http://www.securityfocus.com/bid/95903
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10183
mitsubishi -- melsec-q
  	An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. 	2017-02-13 	not yet calculated 	CVE-2016-8368 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8368
BID http://www.securityfocus.com/bid/94632
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03
mitsubishi -- melsec-q
  	An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. 	2017-02-13 	not yet calculated 	CVE-2016-8370 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8370
BID http://www.securityfocus.com/bid/94632
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03
moxa -- edr_810
  	An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION). 	2017-02-13 	not yet calculated 	CVE-2016-8346 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8346
BID http://www.securityfocus.com/bid/93800
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01
moxa -- iologik
  	An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. A password is transmitted in a format that is not sufficiently secure. 	2017-02-13 	not yet calculated 	CVE-2016-8372 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8372
BID http://www.securityfocus.com/bid/93550
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05
moxa -- iologik
  	An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application fails to sanitize user input, which may allow an attacker to inject script or execute arbitrary code (CROSS-SITE SCRIPTING). 	2017-02-13 	not yet calculated 	CVE-2016-8359 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8359
BID http://www.securityfocus.com/bid/93550
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05
moxa -- iologik
  	An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. Users are restricted to using short passwords. 	2017-02-13 	not yet calculated 	CVE-2016-8379 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8379
BID http://www.securityfocus.com/bid/93550
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05
moxa -- iologik
  	An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application may not sufficiently verify whether a request was provided by a valid user (CROSS-SITE REQUEST FORGERY). 	2017-02-13 	not yet calculated 	CVE-2016-8350 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8350
BID http://www.securityfocus.com/bid/93550
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05
moxa -- moxa
  	An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. 	2017-02-13 	not yet calculated 	CVE-2016-9344 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9344
BID http://www.securityfocus.com/bid/94783
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01
moxa -- moxa
  	An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted. 	2017-02-13 	not yet calculated 	CVE-2016-9346 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9346
BID http://www.securityfocus.com/bid/94783
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01
moxa -- oncell
  	An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server. 	2017-02-13 	not yet calculated 	CVE-2016-8363 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8363
BID http://www.securityfocus.com/bid/94092
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01
moxa -- oncell
  	An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL. 	2017-02-13 	not yet calculated 	CVE-2016-8362 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8362
BID http://www.securityfocus.com/bid/94092
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01
navidia -- navidia
  	All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via code execution. 	2017-02-15 	not yet calculated 	CVE-2017-0317 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0317
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
navidia -- navidia
  	All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system. 	2017-02-15 	not yet calculated 	CVE-2017-0319 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0319
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
navidia -- navidia
  	NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. 	2017-02-15 	not yet calculated 	CVE-2017-0311 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0311
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
navidia -- navidia
  	All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation leading to denial of service or escalation of privileges. 	2017-02-15 	not yet calculated 	CVE-2017-0308 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0308
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
navidia -- navidia
  	All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. 	2017-02-15 	not yet calculated 	CVE-2017-0323 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0323
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
navidia -- navidia
  	All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. 	2017-02-15 	not yet calculated 	CVE-2017-0321 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0321
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
navidia -- navidia
  	All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system. 	2017-02-15 	not yet calculated 	CVE-2017-0320 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0320
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
navidia -- navidia
  	All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user-provided input is used as the limit for a loop, which may lead to denial of service or potential escalation of privileges. 	2017-02-15 	not yet calculated 	CVE-2017-0312 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0312
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
navidia -- navidia
  	All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. 	2017-02-15 	not yet calculated 	CVE-2017-0324 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0324
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
navidia -- navidia
  	All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, leading to denial of service or potential escalation of privileges. 	2017-02-15 	not yet calculated 	CVE-2017-0322 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0322
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
navidia -- navidia
  	All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges. 	2017-02-15 	not yet calculated 	CVE-2017-0309 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0309
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
navidia -- navidia
  	All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges. 	2017-02-15 	not yet calculated 	CVE-2017-0313 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0313
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
nvidia -- nvidia
  	All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allow an unprivileged user to cause a denial of service. 	2017-02-15 	not yet calculated 	CVE-2017-0310 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0310
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
nvidia -- nvidia
  	All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an attempt to access an invalid object pointer may lead to denial of service or potential escalation of privileges. 	2017-02-15 	not yet calculated 	CVE-2017-0315 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0315
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
nvidia -- nvidia
  	All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges. 	2017-02-15 	not yet calculated 	CVE-2017-0314 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0314
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
nvidia -- nvidia
  	All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system. 	2017-02-15 	not yet calculated 	CVE-2017-0318 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0318
CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398
offis -- dicom_dcmtk
  	Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242. 	2017-02-15 	not yet calculated 	CVE-2015-8979 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8979
MISC http://packetstormsecurity.com/files/140191/DCMTK-storescp-DICOM-storage-C-STORE-SCP-Remote-Stack-Buffer-Overflow.html
DEBIAN http://www.debian.org/security/2016/dsa-3749
MLIST http://www.openwall.com/lists/oss-security/2016/12/18/2
BID http://www.securityfocus.com/bid/94951
MISC http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1405919
openssh -- sshd
  	sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. 	2017-02-13 	not yet calculated 	CVE-2016-6210 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6210
FULLDISC http://seclists.org/fulldisclosure/2016/Jul/51
BID http://www.securityfocus.com/bid/91812
CONFIRM https://www.openssh.com/txt/release-7.3
osisoft -- pi_coresight
  	An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. 	2017-02-13 	not yet calculated 	CVE-2017-5153 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5153
BID http://www.securityfocus.com/bid/95355
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-010-01
osisoft -- pi_web
  	An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. 	2017-02-13 	not yet calculated 	CVE-2016-8353 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8353
BID http://www.securityfocus.com/bid/93552
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-287-01
perl -- pcre
  	The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression. 	2017-02-16 	not yet calculated 	CVE-2017-6004 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6004
CONFIRM https://bugs.exim.org/show_bug.cgi?id=2035
CONFIRM https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch
perl -- perl
  	The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression. 	2017-02-16 	not yet calculated 	CVE-2016-1249 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1249
CONFIRM http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes
MLIST http://www.openwall.com/lists/oss-security/2016/11/16/1
BID http://www.securityfocus.com/bid/94350
CONFIRM https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe
phoenix_contact -- mguard
  	An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value. 	2017-02-13 	not yet calculated 	CVE-2017-5159 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5159
BID http://www.securityfocus.com/bid/95648
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-017-01
phreesoft -- phreebookserp
  	An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php" and "PhreeBooksERP-master/extensions/ShippingMethods/yrc/label_mgr/js_include.php" URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. NOTE: these js_include.php files do not exist in the SourceForge "stable release" (aka R37RC1). 	2017-02-15 	not yet calculated 	CVE-2017-5990 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5990
CONFIRM https://github.com/phreebooks/PhreeBooksERP/commit/f2a32dede7cc7f9ff59fe983c5e4abe2966d837c
CONFIRM https://github.com/phreebooks/PhreeBooksERP/issues/230
pkexec -- pkexec
  	pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. 	2017-02-13 	not yet calculated 	CVE-2016-2568 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2568
MLIST http://www.openwall.com/lists/oss-security/2016/02/26/3
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1300746
puppet_enterprise -- mcollective
  	MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. 	2017-02-13 	not yet calculated 	CVE-2016-2788 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2788
CONFIRM https://puppet.com/security/cve/cve-2016-2788
puppet_enterprise -- puppet_communications_protocol
  	The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors. 	2017-02-13 	not yet calculated 	CVE-2016-2787 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2787
CONFIRM https://puppet.com/security/cve/CVE-2016-2787
python -- pycrypto
  	Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. 	2017-02-15 	not yet calculated 	CVE-2013-7459 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7459
MLIST http://www.openwall.com/lists/oss-security/2016/12/27/8
BID http://www.securityfocus.com/bid/95122
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1409754
CONFIRM https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
CONFIRM https://github.com/dlitz/pycrypto/issues/176
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/
MISC https://pony7.fr/ctf:public:32c3:cryptmsg
python -- python
  	install.py in click allows remote attackers to gain privileges via a data tarball containing a file with a crafted path. 	2017-02-13 	not yet calculated 	CVE-2015-8768 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8768
UBUNTU http://ubuntu.com/usn/usn-2771-1
MLIST http://www.openwall.com/lists/oss-security/2016/01/12/8
CONFIRM https://bugs.launchpad.net/ubuntu/+source/click/+bug/1506467
CONFIRM https://code.launchpad.net/~cjwatson/click/audit-missing-dot-slash/+merge/274554
rockwell_automation -- logix5000
  	An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending a malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service. 	2017-02-13 	not yet calculated 	CVE-2016-9343 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9343
BID http://www.securityfocus.com/bid/95304
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05
rockwell_automation -- micrologix
  	An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller. 	2017-02-13 	not yet calculated 	CVE-2016-9338 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9338
BID http://www.securityfocus.com/bid/95302
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06
rockwell_automation -- micrologix
  	An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. User credentials are sent to the web server in clear text, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. 	2017-02-13 	not yet calculated 	CVE-2016-9334 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9334
BID http://www.securityfocus.com/bid/95302
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06
sap -- sap
  	The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972. 	2017-02-15 	not yet calculated 	CVE-2017-5997 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5997
MISC https://erpscan.com/advisories/erpscan-16-038-sap-message-server-http-remote-dos/
sauter -- novaweb
  	An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user. 	2017-02-13 	not yet calculated 	CVE-2016-10224 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10224
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-343-02
schneider_electric -- connexium_firewalls
  	An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code. 	2017-02-13 	not yet calculated 	CVE-2016-8352 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8352
BID http://www.securityfocus.com/bid/94062
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01
schneider_electric -- ionxxxx
  	An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes. 	2017-02-13 	not yet calculated 	CVE-2016-5815 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5815
BID http://www.securityfocus.com/bid/94091
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03
schneider_electric -- ionxxxx
  	An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. 	2017-02-13 	not yet calculated 	CVE-2016-5809 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5809
BID http://www.securityfocus.com/bid/92916
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03
schneider_electric -- magelis
  	An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION. 	2017-02-13 	not yet calculated 	CVE-2016-8374 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8374
BID http://www.securityfocus.com/bid/94093
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02
schneider_electric -- magelis
  	An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack. 	2017-02-13 	not yet calculated 	CVE-2016-8367 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8367
BID http://www.securityfocus.com/bid/94093
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02
schneider_electric -- unity_pro
  	An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions. 	2017-02-13 	not yet calculated 	CVE-2016-8354 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8354
BID http://www.securityfocus.com/bid/93830
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-306-03
schneider_electric -- wonderware_historian
  	An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well. 	2017-02-13 	not yet calculated 	CVE-2017-5155 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5155
BID http://www.securityfocus.com/bid/95766
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01
shadow -- shadow
  	Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. 	2017-02-17 	not yet calculated 	CVE-2016-6252 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6252
MLIST http://www.openwall.com/lists/oss-security/2016/07/19/6
MLIST http://www.openwall.com/lists/oss-security/2016/07/19/7
MLIST http://www.openwall.com/lists/oss-security/2016/07/20/2
MLIST http://www.openwall.com/lists/oss-security/2016/07/25/7
CONFIRM https://bugzilla.suse.com/show_bug.cgi?id=979282
CONFIRM https://github.com/shadow-maint/shadow/issues/27
sielco_sistemi -- sielco_sistemi
  	An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL. 	2017-02-13 	not yet calculated 	CVE-2017-5161 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5161
BID http://www.securityfocus.com/bid/96119
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01
siemens -- eta4
  	An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Specially crafted packets sent to Port 2404/TCP could cause the affected device to go into defect mode. A cold start might be required to recover the system, a Denial-of-Service Vulnerability. 	2017-02-13 	not yet calculated 	CVE-2016-7987 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7987
BID http://www.securityfocus.com/bid/93832
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-299-01
siemens -- sicam_pas
  	An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP. 	2017-02-13 	not yet calculated 	CVE-2016-8567 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8567
BID http://www.securityfocus.com/bid/94549
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-01
siemens -- sicam_pas
  	An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database. 	2017-02-13 	not yet calculated 	CVE-2016-8566 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8566
BID http://www.securityfocus.com/bid/94552
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-336-01
simplesamlphp -- simplesamlphp
  	The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. 	2017-02-16 	not yet calculated 	CVE-2016-9814 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9814
BID http://www.securityfocus.com/bid/94730
CONFIRM https://simplesamlphp.org/security/201612-01
simplesamlphp -- simplesamlphp
  	The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. 	2017-02-16 	not yet calculated 	CVE-2016-9955 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9955
BID http://www.securityfocus.com/bid/94946
CONFIRM https://simplesamlphp.org/security/201612-02
smiths-medical -- cadd-solis_medication_safety_software
  	An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates. 	2017-02-13 	not yet calculated 	CVE-2016-8355 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8355
BID http://www.securityfocus.com/bid/94630
MISC https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01
smiths-medical -- cadd-solis_medication_safety_software
  	An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints. 	2017-02-13 	not yet calculated 	CVE-2016-8358 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8358
BID http://www.securityfocus.com/bid/94630
MISC https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01
sogo -- sogo
  	Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields. 	2017-02-17 	not yet calculated 	CVE-2014-9905 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9905
MLIST http://www.openwall.com/lists/oss-security/2016/07/09/3
CONFIRM https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9
CONFIRM https://github.com/inverse-inc/sogo/commit/3a5e44e7eb8b390b67a8f8a83030b49606956501
CONFIRM https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765
CONFIRM https://github.com/inverse-inc/sogo/commit/c94595ea7f0f843c2d7abf25df039b2bbe707625
CONFIRM https://sogo.nu/bugs/view.php?id=2598
sogo -- sogo
  	Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field. 	2017-02-17 	not yet calculated 	CVE-2016-6191 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6191
MLIST http://www.openwall.com/lists/oss-security/2016/07/09/3
CONFIRM https://github.com/inverse-inc/sogo/commit/64ce3c9c22fd9a28caabf11e76216cd53d0245aa
CONFIRM https://sogo.nu/bugs/view.php?id=3718
sogo -- sogo
  	SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users. 	2017-02-17 	not yet calculated 	CVE-2016-6190 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6190
MLIST http://www.openwall.com/lists/oss-security/2016/07/09/3
CONFIRM https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
CONFIRM https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
CONFIRM https://sogo.nu/bugs/view.php?id=3696
sogo -- sogo
  	Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. 	2017-02-17 	not yet calculated 	CVE-2016-6189 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6189
MLIST http://www.openwall.com/lists/oss-security/2016/07/09/3
CONFIRM https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
CONFIRM https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
CONFIRM https://sogo.nu/bugs/view.php?id=3695
st_jude_medical -- merlin@home
  	An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints. 	2017-02-13 	not yet calculated 	CVE-2017-5149 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5149
BID http://www.securityfocus.com/bid/95331
MISC https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01A
tesla -- model_s
  	An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection. 	2017-02-13 	not yet calculated 	CVE-2016-9337 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9337
BID http://www.securityfocus.com/bid/94697
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01
tre_library_musl_libc -- tre_library_musl_libc
  	Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write. 	2017-02-13 	not yet calculated 	CVE-2016-8859 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8859
MLIST http://www.openwall.com/lists/oss-security/2016/10/19/1
MLIST http://www.openwall.com/lists/oss-security/2016/10/19/10
BID http://www.securityfocus.com/bid/93795
unix -- intersect_alliance_snare_epilog
  	Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the str_log_name parameter in a "Web Admin Portal > Log Configuration > Add" action. 	2017-02-17 	not yet calculated 	CVE-2017-5998 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5998
MISC http://arthrocyber.com/research
visonic -- powerlink2
  	An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used in the web server (INFORMATION EXPOSURE). 	2017-02-13 	not yet calculated 	CVE-2016-5813 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5813
BID http://www.securityfocus.com/bid/94894
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-348-01
wago -- wago
  	An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating. 	2017-02-13 	not yet calculated 	CVE-2016-9362 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9362
BID http://www.securityfocus.com/bid/95074
MISC https://ics-cert.us-cert.gov/advisories/ICSA-16-357-02
wso2 -- wso2_identity_server
  	Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request. 	2017-02-16 	not yet calculated 	CVE-2016-4311 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4311
MISC http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt
MISC http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.html
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/539199/100/0/threaded
BID http://www.securityfocus.com/bid/92485
EXPLOIT-DB https://www.exploit-db.com/exploits/40239/
wso2 -- wso2_identity_server
  	XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. NOTE: this issue can be combined with CVE-2016-4311 to exploit the vulnerability without credentials. 	2017-02-16 	not yet calculated 	CVE-2016-4312 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4312
MISC http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt
MISC http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.html
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/539199/100/0/threaded
BID http://www.securityfocus.com/bid/92485
CONFIRM https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0096
EXPLOIT-DB https://www.exploit-db.com/exploits/40239/
xen -- xen
  	The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. 	2017-02-16 	not yet calculated 	CVE-2016-9637 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9637
BID http://www.securityfocus.com/bid/94699
SECTRACK http://www.securitytracker.com/id/1037397
CONFIRM http://xenbits.xen.org/xsa/advisory-199.html
CONFIRM https://support.citrix.com/article/CTX219136
zabbix -- zabbix
  	SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. 	2017-02-16 	not yet calculated 	CVE-2016-10134 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10134
MLIST http://www.openwall.com/lists/oss-security/2017/01/12/4
MLIST http://www.openwall.com/lists/oss-security/2017/01/13/4
BID http://www.securityfocus.com/bid/95423
CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850936
CONFIRM https://support.zabbix.com/browse/ZBX-11023
zend_framework -- zend_framework
  	The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. 	2017-02-16 	not yet calculated 	CVE-2016-6233 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6233
BID http://www.securityfocus.com/bid/91802
CONFIRM https://framework.zend.com/security/advisory/ZF2016-02
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/
zend_framework -- zend_framework
  	The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. 	2017-02-16 	not yet calculated 	CVE-2016-4861 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4861
JVN http://jvn.jp/en/jp/JVN18926672/index.html
JVNDB http://jvndb.jvn.jp/jvndb/JVNDB-2016-000158
CONFIRM https://framework.zend.com/security/advisory/ZF2016-03
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/

---------------------------------------------

This product is provided subject to this Notification http://www.us-cert.gov/privacy/notification and this Privacy & Use http://www.us-cert.gov/privacy/ policy.



---------------------------------------------
A copy of this publication is available at www.us-cert.gov https://www.us-cert.gov . If you need help or have questions, please send an email to info at us-cert.gov mailto:info at us-cert.gov . Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT at ncas.us-cert.gov to your address book.
