Fwd: SB17-023: Vulnerability Summary for the Week of January 16, 2017
RICHARD BARTH
w3hwn at comcast.net
Mon Jan 23 12:50:02 CST 2017
-------- Original Message ----------
From: US-CERT <US-CERT at ncas.us-cert.gov>
To: w3hwn at arrl.net
Date: January 23, 2017 at 12:10 PM
Subject: SB17-023: Vulnerability Summary for the Week of January 16, 2017
[U.S. Department of Homeland Security US-CERT]
National Cyber Awareness System:
SB17-023: Vulnerability Summary for the Week of January 16, 2017 https://www.us-cert.gov/ncas/bulletins/SB17-023
01/23/2017 10:20 AM EST
Original release date: January 23, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology http://www.nist.gov (NIST) National Vulnerability Database http://nvd.nist.gov (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security http://www.dhs.gov (DHS) National Cybersecurity and Communications Integration Center https://www.us-cert.gov/nccic (NCCIC) / United States Computer Emergency Readiness Team https://www.us-cert.gov (US-CERT). For modified or updated entries, please visit the NVD http://nvd.nist.gov , which contains historical vulnerability information.
The vulnerabilities are based on the CVE http://cve.mitre.org/ vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System http://nvd.nist.gov/cvss.cfm (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
* High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
* Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
* Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- storm The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. 2017-01-13 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-3188&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-3188 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3188
MISC http://packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.html
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/535804/100/0/threaded
SECTRACK http://www.securitytracker.com/id/1032695
artifex -- mujs An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition. 2017-01-13 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10141&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-10141 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10141
CONFIRM http://git.ghostscript.com/?p=mujs.git;h=fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045
CONFIRM https://bugs.ghostscript.com/show_bug.cgi?id=697448
brocade -- network_advisor A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. 2017-01-14 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8204&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-8204 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8204
CONFIRM https://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-177.htm
brocade -- network_advisor A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. 2017-01-14 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8205&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-8205 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8205
CONFIRM https://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-178.htm
citrix -- provisioning_services Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. 2017-01-18 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9676&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-9676 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9676
BID http://www.securityfocus.com/bid/95620
SECTRACK http://www.securitytracker.com/id/1037625
CONFIRM https://support.citrix.com/article/CTX219580
citrix -- provisioning_services Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. 2017-01-18 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9678&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-9678 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9678
BID http://www.securityfocus.com/bid/95620
SECTRACK http://www.securitytracker.com/id/1037625
CONFIRM https://support.citrix.com/article/CTX219580
citrix -- provisioning_services Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. 2017-01-18 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9679&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-9679 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9679
BID http://www.securityfocus.com/bid/95620
SECTRACK http://www.securitytracker.com/id/1037625
CONFIRM https://support.citrix.com/article/CTX219580
fedoraproject -- fedora Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. 2017-01-13 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-2090&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-2090 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2090
MLIST http://www.openwall.com/lists/oss-security/2016/01/28/5
MISC https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html
CONFIRM https://bugs.freedesktop.org/show_bug.cgi?id=93881
CONFIRM https://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KJE5SPSX7HEKLZ34LUTZLXWPEL2K353/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIQKQ42Z7553D46QY3IMIQKS52QTNIHY/
fedoraproject -- fedora Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. 2017-01-19 7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7543&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-7543 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7543
MLIST http://www.openwall.com/lists/oss-security/2016/09/26/9
BID http://www.securityfocus.com/bid/93183
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7XOQSHU63Y357NHU5FPTFBM6I3YOCQB/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OU3C756YPHDAAPFX76UGZBAQQQ5UMHS5/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2VRBSIPZDZ75ZQ2DLITHUIDW4W26KVR/
MLIST https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00018.html
GENTOO https://security.gentoo.org/glsa/201701-02
firejail -- firejail Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. 2017-01-19 7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9016&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-9016 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9016
MLIST http://www.openwall.com/lists/oss-security/2016/10/25/3
MLIST http://www.openwall.com/lists/oss-security/2016/10/25/9
BID http://www.securityfocus.com/bid/93899
google -- android An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684. 2017-01-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9909&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2014-9909 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9909
BID http://www.securityfocus.com/bid/94685
CONFIRM https://source.android.com/security/bulletin/2016-12-01.html
google -- android An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710. 2017-01-18 7.6 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9910&vector=(AV:N/AC:H/Au:N/C:C/I:C/A:C) CVE-2014-9910 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9910
BID http://www.securityfocus.com/bid/94685
CONFIRM https://source.android.com/security/bulletin/2016-12-01.html
graphicsmagick -- graphicsmagick Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. 2017-01-18 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7996&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-7996 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7996
MLIST http://www.openwall.com/lists/oss-security/2016/10/07/4
MLIST http://www.openwall.com/lists/oss-security/2016/10/08/5
BID http://www.securityfocus.com/bid/93464
intelliants -- subrion_cms includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. 2017-01-20 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5543&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2017-5543 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5543
CONFIRM https://github.com/intelliants/subrion/issues/297
metalgenix -- genixcms SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. 2017-01-17 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5517&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2017-5517 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5517
BID http://www.securityfocus.com/bid/95455
CONFIRM https://github.com/semplon/GeniXCMS/issues/66
metalgenix -- genixcms SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2017-01-17 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5519&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2017-5519 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5519
BID http://www.securityfocus.com/bid/95458
CONFIRM https://github.com/semplon/GeniXCMS/issues/67
netbsd -- netbsd CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program. 2017-01-19 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-8212&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2015-8212 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8212
NETBSD http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-005.txt.asc
SECTRACK http://www.securitytracker.com/id/1035673
netbsd -- netbsd mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox. 2017-01-20 7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6253&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-6253 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6253
MISC http://akat1.pl/?id=2
NETBSD http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-006.txt.asc
MISC http://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html
MISC http://www.rapid7.com/db/modules/exploit/unix/local/netbsd_mail_local
BID http://www.securityfocus.com/bid/92101
SECTRACK http://www.securitytracker.com/id/1036429
EXPLOIT-DB https://www.exploit-db.com/exploits/40141/
EXPLOIT-DB https://www.exploit-db.com/exploits/40385/
ntp -- ntp ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. 2017-01-13 7.1 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9311&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:C) CVE-2016-9311 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9311
CONFIRM http://nwtime.org/ntp428p9_release/
CONFIRM http://support.ntp.org/bin/view/Main/NtpBug3119
CONFIRM http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
BID http://www.securityfocus.com/bid/94444
CERT-VN https://www.kb.cert.org/vuls/id/633847
samsung -- samsung_mobile The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. 2017-01-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6526&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2016-6526 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6526
CONFIRM http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016
MLIST http://www.openwall.com/lists/oss-security/2016/08/05/1
BID http://www.securityfocus.com/bid/92330
samsung -- samsung_mobile The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. 2017-01-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6527&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2016-6527 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6527
CONFIRM http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016
MLIST http://www.openwall.com/lists/oss-security/2016/08/05/1
BID http://www.securityfocus.com/bid/92330
selinux_project -- selinux SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. 2017-01-19 7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7545&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-7545 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7545
REDHAT http://rhn.redhat.com/errata/RHSA-2016-2702.html
MLIST http://www.openwall.com/lists/oss-security/2016/09/25/1
BID http://www.securityfocus.com/bid/93156
CONFIRM https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF/
MLIST https://marc.info/?l=selinux&m=147465160112766&w=2
sociomantic -- git-hub sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name. 2017-01-19 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7794&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-7794 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7794
MLIST http://www.openwall.com/lists/oss-security/2016/09/30/2
BID http://www.securityfocus.com/bid/93249
CONFIRM https://github.com/sociomantic-tsunami/git-hub/issues/197
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- groovy main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6497&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N) CVE-2016-6497 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6497
CONFIRM http://svn.apache.org/viewvc/directory/sandbox/szoerner/groovyldap/src/main/java/org/apache/directory/groovyldap/LDAP.java?r1=1765362&r2=1765361&pathrev=1765362&view=patch
MLIST https://mail-archives.apache.org/mod_mbox/directory-users/201610.mbox/%3Cb7d7e909-a8ed-1ab4-c853-4078c1e7624a%40stefan-seelmann.de%3E
MISC https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf
artifex -- mujs The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7563&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-7563 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7563
MLIST http://www.openwall.com/lists/oss-security/2016/09/21/5
MLIST http://www.openwall.com/lists/oss-security/2016/09/28/11
CONFIRM https://bugs.ghostscript.com/show_bug.cgi?id=697136
artifex -- mujs Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7564&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-7564 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7564
MLIST http://www.openwall.com/lists/oss-security/2016/09/21/5
MLIST http://www.openwall.com/lists/oss-security/2016/09/28/11
CONFIRM https://bugs.ghostscript.com/show_bug.cgi?id=697137
artifex -- mujs Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-7563. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9109&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-9109 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9109
MLIST http://www.openwall.com/lists/oss-security/2016/10/30/13
MLIST http://www.openwall.com/lists/oss-security/2016/10/30/4
MLIST http://www.openwall.com/lists/oss-security/2016/11/07/5
BID http://www.securityfocus.com/bid/94150
CONFIRM https://bugs.ghostscript.com/show_bug.cgi?id=697136#c4
atlassian -- confluence Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6283&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-6283 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6283
MISC http://packetstormsecurity.com/files/140363/Atlassian-Confluence-5.9.12-Cross-Site-Scripting.html
FULLDISC http://seclists.org/fulldisclosure/2017/Jan/12
FULLDISC http://seclists.org/fulldisclosure/2017/Jan/3
BID http://www.securityfocus.com/bid/95288
EXPLOIT-DB https://www.exploit-db.com/exploits/40989/
b2evolution -- b2evolution Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7149&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-7149 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7149
MLIST http://www.openwall.com/lists/oss-security/2016/09/12/1
MLIST http://www.openwall.com/lists/oss-security/2016/09/15/4
BID http://www.securityfocus.com/bid/92967
CONFIRM https://github.com/b2evolution/b2evolution/commit/9a4ab85439d1b838ee7b8eeebbf59174bb787811
b2evolution -- b2evolution Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter. 2017-01-15 5.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5480&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:N) CVE-2017-5480 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5480
BID http://www.securityfocus.com/bid/95454
CONFIRM https://github.com/b2evolution/b2evolution/commit/26841d9c81f27ad23b2f6e4bd5eaec7f2f58dfe0
CONFIRM https://github.com/b2evolution/b2evolution/issues/35
blackberry -- enterprise_service A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES. 2017-01-13 6.4 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3128&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) CVE-2016-3128 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3128
CONFIRM http://support.blackberry.com/kb/articleDetail?articleNumber=000038913
BID http://www.securityfocus.com/bid/95624
SECTRACK http://www.securitytracker.com/id/1037585
blackberry -- enterprise_service An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt. 2017-01-13 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3130&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2016-3130 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3130
CONFIRM http://support.blackberry.com/kb/articleDetail?articleNumber=000038914
SECTRACK http://www.securitytracker.com/id/1037584
blackberry -- vapp A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link. 2017-01-13 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-3890&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2017-3890 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3890
CONFIRM http://support.blackberry.com/kb/articleDetail?articleNumber=000038915
BID http://www.securityfocus.com/bid/95442
brocade -- network_advisor A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files. 2017-01-14 6.4 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8206&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:P) CVE-2016-8206 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8206
CONFIRM https://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-179.htm
brocade -- network_advisor A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information. 2017-01-14 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8207&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2016-8207 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8207
CONFIRM https://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-180.htm
brocade -- virtual_traffic_manager A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. 2017-01-14 6.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8201&vector=(AV:N/AC:M/Au:S/C:P/I:P/A:P) CVE-2016-8201 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8201
CONFIRM https://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-209.htm
bzrtp_project -- bzrtp The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6271&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N) CVE-2016-6271 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6271
CONFIRM https://github.com/BelledonneCommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b
ca -- service_desk_management RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. 2017-01-18 5.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10086&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:N) CVE-2016-10086 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10086
BID http://www.securityfocus.com/bid/95366
SECTRACK http://www.securitytracker.com/id/1037583
CONFIRM https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170109-01-security-notice-for-ca-service-desk-manager.html
citrix -- provisioning_services Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9677&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2016-9677 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9677
BID http://www.securityfocus.com/bid/95620
SECTRACK http://www.securitytracker.com/id/1037625
CONFIRM https://support.citrix.com/article/CTX219580
citrix -- provisioning_services Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9680&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2016-9680 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9680
BID http://www.securityfocus.com/bid/95620
SECTRACK http://www.securitytracker.com/id/1037625
CONFIRM https://support.citrix.com/article/CTX219580
cloud_foundry -- capi-release An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog. 2017-01-13 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9882&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2016-9882 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9882
BID http://www.securityfocus.com/bid/95441
CONFIRM https://www.cloudfoundry.org/cve-2016-9882/
cmsmadesimple -- cms_made_simple Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request. 2017-01-16 6.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7904&vector=(AV:N/AC:M/Au:S/C:P/I:P/A:P) CVE-2016-7904 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7904
MISC http://dev.cmsmadesimple.org/project/changelog/5392
MISC http://www.openwall.com/lists/oss-security/2017/01/16/1
BID http://www.securityfocus.com/bid/95453
exponentcms -- exponent_cms Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-8667&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2015-8667 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8667
CONFIRM https://exponentcms.lighthouseapp.com/projects/61783/tickets/1320-exponent-cms-235-cross-site-scripting-vulnerability
MISC https://packetstormsecurity.com/files/136763/Exponent-CMS-2.3.5-Cross-Site-Scripting.html
exponentcms -- exponent_cms Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-8684&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2015-8684 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8684
CONFIRM https://exponentcms.lighthouseapp.com/projects/61783/tickets/1323-exponent-cms-235-file-upload-cross-site-scripting-vulnerability
MISC https://packetstormsecurity.com/files/136762/Exponent-CMS-2.3.5-File-Upload-Cross-Site-Scripting.html
foxitsoftware -- foxit_pdf_toolkit Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an attacker to cause Denial of Service and Remote Code Execution when the victim opens the specially crafted PDF file. The Vulnerability has been fixed in v2.0. 2017-01-13 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5364&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-5364 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5364
CONFIRM https://www.foxitsoftware.com/support/security-bulletins.php
google -- android An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784. 2017-01-13 4.9 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8467&vector=(AV:L/AC:L/Au:N/C:N/I:N/A:C) CVE-2016-8467 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8467
BID http://www.securityfocus.com/bid/95250
MISC https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/
CONFIRM https://source.android.com/security/bulletin/2017-01-01.html
google -- android An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664. 2017-01-13 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-0398&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2017-0398 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0398
BID http://www.securityfocus.com/bid/95226
CONFIRM https://source.android.com/security/bulletin/2017-01-01.html
google -- chrome The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5196&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5196 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5196
BID http://www.securityfocus.com/bid/94078
CONFIRM https://chromereleases.googleblog.com/2016/10/chrome-for-android-update_31.html
CONFIRM https://crbug.com/659492
google -- chrome The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5197&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5197 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5197
BID http://www.securityfocus.com/bid/94078
CONFIRM https://chromereleases.googleblog.com/2016/10/chrome-for-android-update_31.html
CONFIRM https://crbug.com/659477
google -- chrome V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5198&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5198 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5198
BID http://www.securityfocus.com/bid/94079
CONFIRM https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/659475
google -- chrome An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5199&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5199 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5199
BID http://www.securityfocus.com/bid/94196
CONFIRM https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
CONFIRM https://crbug.com/643948
google -- chrome V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5200&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5200 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5200
BID http://www.securityfocus.com/bid/94196
CONFIRM https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
CONFIRM https://crbug.com/658114
google -- chrome A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5201&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2016-5201 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5201
BID http://www.securityfocus.com/bid/94196
CONFIRM https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
CONFIRM https://crbug.com/660678
google -- chrome A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5203&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5203 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5203
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/644219
google -- chrome Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5204&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-5204 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5204
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/630870
google -- chrome Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5205&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-5205 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5205
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/646610
google -- chrome The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5206&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5206 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5206
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/653749
google -- chrome In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5207&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-5207 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5207
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/655904
google -- chrome Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5208&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-5208 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5208
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/658535
google -- chrome Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5209&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5209 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5209
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/664139
google -- chrome Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5210&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5210 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5210
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/654183
google -- chrome A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5211&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5211 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5211
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/649229
google -- chrome Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5212&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2016-5212 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5212
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/653134
google -- chrome A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5213&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5213 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5213
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/652548
google -- chrome Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5214&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-5214 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5214
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/601538
google -- chrome A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5215&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5215 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5215
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/619463
google -- chrome A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5216&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5216 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5216
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/653090
google -- chrome The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5217&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-5217 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5217
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/654280
google -- chrome The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5218&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-5218 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5218
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/660498
google -- chrome A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5219&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5219 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5219
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/657568
google -- chrome PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5220&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2016-5220 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5220
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/654279
google -- chrome Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5221&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5221 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5221
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/660854
google -- chrome Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5222&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-5222 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5222
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/657720
google -- chrome Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5223&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-5223 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5223
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/652038
google -- chrome A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5224&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-5224 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5224
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/615851
google -- chrome Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5225&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-5225 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5225
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/630332
google -- chrome Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5226&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-5226 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5226
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/639750
google -- chrome Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9650&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-9650 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9650
BID http://www.securityfocus.com/bid/94633
CONFIRM https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
CONFIRM https://crbug.com/653034
graphicsmagick -- graphicsmagick The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7997&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-7997 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7997
MLIST http://www.openwall.com/lists/oss-security/2016/10/07/4
MLIST http://www.openwall.com/lists/oss-security/2016/10/08/5
BID http://www.securityfocus.com/bid/93467
gstreamer -- gstreamer The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. 2017-01-13 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9807&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-9807 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9807
MLIST http://www.openwall.com/lists/oss-security/2016/12/01/2
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/8
BID http://www.securityfocus.com/bid/95148
CONFIRM https://bugzilla.gnome.org/show_bug.cgi?id=774859
CONFIRM https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CONFIRM https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
gstreamer -- gstreamer The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. 2017-01-13 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9808&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-9808 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9808
MLIST http://www.openwall.com/lists/oss-security/2016/12/01/2
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/8
BID http://www.securityfocus.com/bid/95446
CONFIRM https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
MISC https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html
gstreamer -- gstreamer Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. 2017-01-13 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9809&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-9809 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9809
MLIST http://www.openwall.com/lists/oss-security/2016/12/01/2
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/8
BID http://www.securityfocus.com/bid/95147
CONFIRM https://bugzilla.gnome.org/show_bug.cgi?id=774896
CONFIRM https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
gstreamer -- gstreamer The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. 2017-01-13 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9810&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-9810 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9810
MLIST http://www.openwall.com/lists/oss-security/2016/12/01/2
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/8
BID http://www.securityfocus.com/bid/95163
CONFIRM https://bugzilla.gnome.org/show_bug.cgi?id=774897
CONFIRM https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
gstreamer -- gstreamer The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. 2017-01-13 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9811&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-9811 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9811
MLIST http://www.openwall.com/lists/oss-security/2016/12/01/2
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/8
BID http://www.securityfocus.com/bid/95161
CONFIRM https://bugzilla.gnome.org/show_bug.cgi?id=774902
CONFIRM https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
gstreamer -- gstreamer The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. 2017-01-13 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9812&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-9812 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9812
MLIST http://www.openwall.com/lists/oss-security/2016/12/01/2
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/8
BID http://www.securityfocus.com/bid/95160
CONFIRM https://bugzilla.gnome.org/show_bug.cgi?id=775048
CONFIRM https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
gstreamer -- gstreamer The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. 2017-01-13 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9813&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-9813 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9813
MLIST http://www.openwall.com/lists/oss-security/2016/12/01/2
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/8
BID http://www.securityfocus.com/bid/95158
CONFIRM https://bugzilla.gnome.org/show_bug.cgi?id=775120
CONFIRM https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
hexchat_project -- hexchat Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. 2017-01-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-2087&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-2087 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2087
MISC http://packetstormsecurity.com/files/136564/Hexchat-IRC-Client-2.11.0-Directory-Traversal.html
EXPLOIT-DB https://www.exploit-db.com/exploits/39656/
hexchat_project -- hexchat Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-2233&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-2233 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2233
MISC http://packetstormsecurity.com/files/136563/Hexchat-IRC-Client-2.11.0-CAP-LS-Handling-Buffer-Overflow.html
EXPLOIT-DB https://www.exploit-db.com/exploits/39657/
ietf -- ipv6 An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic. 2017-01-14 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10142&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-10142 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10142
MISC https://tools.ietf.org/html/draft-ietf-6man-deprecate-atomfrag-generation-08
MISC https://tools.ietf.org/html/rfc8021
imagemagick -- imagemagick Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6823&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-6823 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6823
MLIST http://www.openwall.com/lists/oss-security/2016/09/26/3
BID http://www.securityfocus.com/bid/93158
CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834504
CONFIRM https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323
imagemagick -- imagemagick The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7101&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-7101 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7101
MLIST http://www.openwall.com/lists/oss-security/2016/09/26/8
BID http://www.securityfocus.com/bid/93181
CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836776
CONFIRM https://github.com/ImageMagick/ImageMagick/commit/7afcf9f71043df15508e46f079387bd4689a738d
CONFIRM https://github.com/ImageMagick/ImageMagick/commit/8f8959033e4e59418d6506b345829af1f7a71127
imagemagick -- imagemagick MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7799&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-7799 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7799
MLIST http://www.openwall.com/lists/oss-security/2016/10/01/4
MLIST http://www.openwall.com/lists/oss-security/2016/10/01/6
BID http://www.securityfocus.com/bid/93264
CONFIRM https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/280
imagemagick -- imagemagick magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7906&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-7906 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7906
MLIST http://www.openwall.com/lists/oss-security/2016/10/02/1
MLIST http://www.openwall.com/lists/oss-security/2016/10/02/3
BID http://www.securityfocus.com/bid/93271
CONFIRM https://github.com/ImageMagick/ImageMagick/commit/d63a3c5729df59f183e9e110d5d8385d17caaad0
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/281
jasper_project -- jasper The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. 2017-01-13 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8882&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-8882 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8882
MLIST http://www.openwall.com/lists/oss-security/2016/10/17/1
MLIST http://www.openwall.com/lists/oss-security/2016/10/23/8
CONFIRM https://github.com/mdadams/jasper/issues/30
jasper_project -- jasper The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. 2017-01-13 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8883&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-8883 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8883
MLIST http://www.openwall.com/lists/oss-security/2016/10/17/1
MLIST http://www.openwall.com/lists/oss-security/2016/10/23/8
CONFIRM https://github.com/mdadams/jasper/issues/32
jcraft -- jsch Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command. 2017-01-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5725&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-5725 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5725
MISC http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html
FULLDISC http://seclists.org/fulldisclosure/2016/Sep/53
CONFIRM http://www.jcraft.com/jsch/ChangeLog
BID http://www.securityfocus.com/bid/93100
MISC https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725
EXPLOIT-DB https://www.exploit-db.com/exploits/40411/
lg -- lg_mobile An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent filter, are not protected by a custom permission, and do not explicitly set the android:exported attribute to false. Therefore, these components are exported by default and are thus accessible to any third party application by using android.content.Intent object for communication. These application components can be used to start and stop the logs using Intent objects with embedded data. The available logs are the GPS log, modem log, network log, and mobile log. The base directory that contains the directories for the 4 types of logs is /sdcard/mtklog which makes them accessible to apps that require the READ_EXTERNAL_STORAGE permission. The GPS log contains the GPS coordinates of the user as well as a timestamp for the coordinates. The modem log contains AT commands and their parameters which allow the user's outgoing and incoming calls and text messages to be obtained. The network log is a tcpdump network capture. The mobile log contains the Android log, which is not available to third-party apps as of Android 4.1. The LG ID is LVE-SMP-160019. 2017-01-13 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10135&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2016-10135 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10135
MISC https://lgsecurity.lge.com/security_updates.html
libical_project -- libical libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. 2017-01-18 6.4 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9584&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:P) CVE-2016-9584 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9584
MLIST http://www.openwall.com/lists/oss-security/2016/12/15/5
BID http://www.securityfocus.com/bid/94948
libtiff -- libtiff Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff. 2017-01-20 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5318&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-5318 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318
MLIST http://www.openwall.com/lists/oss-security/2016/04/27/6
MLIST http://www.openwall.com/lists/oss-security/2016/06/07/1
BID http://www.securityfocus.com/bid/88604
libtiff -- libtiff Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. 2017-01-20 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5319&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-5319 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319
MLIST http://www.openwall.com/lists/oss-security/2016/04/27/6
MLIST http://www.openwall.com/lists/oss-security/2016/06/07/1
BID http://www.securityfocus.com/bid/88604
libtiff -- libtiff tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9273&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-9273 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273
CONFIRM http://bugzilla.maptools.org/show_bug.cgi?id=2587
MLIST http://www.openwall.com/lists/oss-security/2016/11/09/20
MLIST http://www.openwall.com/lists/oss-security/2016/11/11/6
BID http://www.securityfocus.com/bid/94271
libtiff -- libtiff The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9297&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-9297 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297
CONFIRM http://bugzilla.maptools.org/show_bug.cgi?id=2590
MLIST http://www.openwall.com/lists/oss-security/2016/11/12/2
MLIST http://www.openwall.com/lists/oss-security/2016/11/14/7
BID http://www.securityfocus.com/bid/94419
liferay -- liferay_portal Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. 2017-01-13 6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2010-5327&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) CVE-2010-5327 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5327
CONFIRM https://dev.liferay.com/web/community-security-team/known-vulnerabilities
CONFIRM https://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapUm8Xc/content/lps-64547-remote-code-execution-and-privilege-escalation-in-templates
CONFIRM https://github.com/liferay/liferay-portal/commit/90c4e85a8f8135f069f3f05e4d54a77704769f91
CONFIRM https://issues.liferay.com/browse/LPE-14964
CONFIRM https://issues.liferay.com/browse/LPS-64547
CONFIRM https://issues.liferay.com/browse/LPS-7087
linux -- linux_kernel crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5). 2017-01-18 4.9 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10147&vector=(AV:L/AC:L/Au:N/C:N/I:N/A:C) CVE-2016-10147 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10147
CONFIRM http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd
MLIST http://marc.info/?l=linux-crypto-vger&m=148063683310477&w=2
CONFIRM http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.15
MLIST http://www.openwall.com/lists/oss-security/2017/01/17/13
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1404200
CONFIRM https://github.com/torvalds/linux/commit/48a992727d82cb7db076fa15d372178743b1f4cd
matrixssl -- matrixssl The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation. 2017-01-13 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6885&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-6885 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6885
CONFIRM http://www.matrixssl.org/blog/releases/matrixssl_3_8_4
MISC https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html
matrixssl -- matrixssl The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange. 2017-01-13 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6886&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-6886 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6886
CONFIRM http://www.matrixssl.org/blog/releases/matrixssl_3_8_4
BID http://www.securityfocus.com/bid/92604
MISC https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html
matrixssl -- matrixssl The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack. 2017-01-13 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6887&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2016-6887 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6887
CONFIRM http://www.matrixssl.org/blog/releases/matrixssl_3_8_4
MISC https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html
matrixssl -- matrixssl The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887. 2017-01-13 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8671&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2016-8671 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8671
MLIST http://www.openwall.com/lists/oss-security/2016/10/15/2
MLIST http://www.openwall.com/lists/oss-security/2016/10/15/8
BID http://www.securityfocus.com/bid/95439
MISC https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-CVE-2016-8671,-incomplete-fix-for-CVE-2016-6887.html
metalgenix -- genixcms Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters. 2017-01-17 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5516&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2017-5516 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5516
BID http://www.securityfocus.com/bid/95622
CONFIRM https://github.com/semplon/GeniXCMS/issues/65
metalgenix -- genixcms The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. 2017-01-17 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5518&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2017-5518 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5518
BID http://www.securityfocus.com/bid/95462
CONFIRM https://github.com/semplon/GeniXCMS/issues/64
metalgenix -- genixcms The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. 2017-01-17 6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5520&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) CVE-2017-5520 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5520
BID http://www.securityfocus.com/bid/95460
CONFIRM https://github.com/semplon/GeniXCMS/issues/62
moodle -- moodle In Moodle 3.x, glossary search displays entries without checking user permissions to view them. 2017-01-20 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5012&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2016-5012 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5012
CONFIRM https://moodle.org/mod/forum/discuss.php?d=336697
moodle -- moodle In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. 2017-01-20 5.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5013&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) CVE-2016-5013 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5013
CONFIRM https://moodle.org/mod/forum/discuss.php?d=336698
moodle -- moodle In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. 2017-01-20 5.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5014&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) CVE-2016-5014 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5014
CONFIRM https://moodle.org/mod/forum/discuss.php?d=336699
moodle -- moodle In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. 2017-01-20 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7038&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2016-7038 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7038
CONFIRM https://moodle.org/mod/forum/discuss.php?d=339631
moodle -- moodle In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. 2017-01-20 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8642&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2016-8642 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8642
CONFIRM https://moodle.org/mod/forum/discuss.php?d=343275
moodle -- moodle In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. 2017-01-20 4.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8643&vector=(AV:N/AC:L/Au:S/C:N/I:P/A:N) CVE-2016-8643 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8643
CONFIRM https://moodle.org/mod/forum/discuss.php?d=343276
moodle -- moodle In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. 2017-01-20 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8644&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2016-8644 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8644
CONFIRM https://moodle.org/mod/forum/discuss.php?d=343277
moodle -- moodle In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. 2017-01-20 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2576&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N) CVE-2017-2576 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2576
CONFIRM https://moodle.org/mod/forum/discuss.php?d=345912
moodle -- moodle In Moodle 3.x, there is XSS in the assignment submission page. 2017-01-20 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2578&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2017-2578 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2578
CONFIRM https://moodle.org/mod/forum/discuss.php?d=345915
novell -- opensuse The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. 2017-01-20 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5321&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-5321 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html
ntop -- ntop Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua. 2017-01-14 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5473&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-5473 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5473
CONFIRM https://github.com/ntop/ntopng/commit/1b2ceac8f578a246af6351c4f476e3102cdf21b3
CONFIRM https://github.com/ntop/ntopng/commit/f91fbe3d94c8346884271838ae3406ae633f6f15
ntp -- ntp NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. 2017-01-13 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7426&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-7426 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7426
CONFIRM http://nwtime.org/ntp428p9_release/
CONFIRM http://support.ntp.org/bin/view/Main/NtpBug3071
CONFIRM http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
BID http://www.securityfocus.com/bid/94451
CERT-VN https://www.kb.cert.org/vuls/id/633847
ntp -- ntp NTP before 4.2.8p9 changes the peer structure to the interface on which it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. 2017-01-13 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7429&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-7429 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7429
CONFIRM http://nwtime.org/ntp428p9_release/
CONFIRM http://support.ntp.org/bin/view/Main/NtpBug3072
CONFIRM http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
BID http://www.securityfocus.com/bid/94453
CERT-VN https://www.kb.cert.org/vuls/id/633847
ntp -- ntp NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. 2017-01-13 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7431&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N) CVE-2016-7431 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7431
CONFIRM http://nwtime.org/ntp428p9_release/
CONFIRM http://support.ntp.org/bin/view/Main/NtpBug3102
CONFIRM http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
BID http://www.securityfocus.com/bid/94454
CERT-VN https://www.kb.cert.org/vuls/id/633847
ntp -- ntp NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to have unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." 2017-01-13 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7433&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-7433 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7433
CONFIRM http://nwtime.org/ntp428p9_release/
CONFIRM http://support.ntp.org/bin/view/Main/NtpBug3067
CONFIRM http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
BID http://www.securityfocus.com/bid/94455
CERT-VN https://www.kb.cert.org/vuls/id/633847
ntp -- ntp The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. 2017-01-13 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7434&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-7434 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7434
CONFIRM http://nwtime.org/ntp428p9_release/
CONFIRM http://support.ntp.org/bin/view/Main/NtpBug3082
CONFIRM http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
BID http://www.securityfocus.com/bid/94448
CERT-VN https://www.kb.cert.org/vuls/id/633847
ntp -- ntp The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. 2017-01-13 6.4 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9310&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:P) CVE-2016-9310 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9310
CONFIRM http://nwtime.org/ntp428p9_release/
CONFIRM http://support.ntp.org/bin/view/Main/NtpBug3118
CONFIRM http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
BID http://www.securityfocus.com/bid/94452
CERT-VN https://www.kb.cert.org/vuls/id/633847
ntp -- ntp ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. 2017-01-13 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9312&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-9312 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9312
CONFIRM http://nwtime.org/ntp428p9_release/
CONFIRM http://support.ntp.org/bin/view/Main/NtpBug3110
CONFIRM http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
BID http://www.securityfocus.com/bid/94450
CERT-VN https://www.kb.cert.org/vuls/id/633847
opensuse_project -- opensuse Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool. 2017-01-20 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5316&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-5316 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316
SUSE http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html
SUSE http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html
SUSE http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html
MLIST http://www.openwall.com/lists/oss-security/2016/06/15/3
opensuse_project -- opensuse Buffer overflow in the PixarLogDecode function in libtiff.so in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file. 2017-01-20 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5317&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-5317 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317
SUSE http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html
SUSE http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html
SUSE http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html
MLIST http://www.openwall.com/lists/oss-security/2016/06/15/10
MLIST http://www.openwall.com/lists/oss-security/2016/06/15/5
opensuse_project -- opensuse The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image. 2017-01-20 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5323&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-5323 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html
MLIST http://www.openwall.com/lists/oss-security/2016/06/15/6
otr -- gajim-otr The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors. 2017-01-13 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9107&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2016-9107 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9107
MLIST http://www.openwall.com/lists/oss-security/2016/10/30/11
MLIST http://www.openwall.com/lists/oss-security/2016/10/30/2
BID http://www.securityfocus.com/bid/94099
CONFIRM https://dev.gajim.org/gajim/gajim-plugins/issues/145
CONFIRM https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae
s9y -- serendipity Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. 2017-01-14 5.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5474&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) CVE-2017-5474 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5474
CONFIRM https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd
s9y -- serendipity comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. 2017-01-14 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5475&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-5475 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5475
CONFIRM https://github.com/s9y/Serendipity/issues/439
s9y -- serendipity Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. 2017-01-14 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5476&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-5476 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5476
CONFIRM https://github.com/s9y/Serendipity/issues/439
samsung -- exynos_fimg2d_driver The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. 2017-01-18 4.9 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9278&vector=(AV:L/AC:L/Au:N/C:N/I:N/A:C) CVE-2016-9278 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9278
CONFIRM http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016
MLIST http://www.openwall.com/lists/oss-security/2016/11/09/3
MLIST http://www.openwall.com/lists/oss-security/2016/11/11/11
BID http://www.securityfocus.com/bid/94283
samsung -- exynos_fimg2d_driver Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9279&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2016-9279 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9279
CONFIRM http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016
MLIST http://www.openwall.com/lists/oss-security/2016/11/09/3
MLIST http://www.openwall.com/lists/oss-security/2016/11/11/11
BID http://www.securityfocus.com/bid/94283
sociomantic -- git-hub sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL. 2017-01-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7793&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-7793 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7793
MLIST http://www.openwall.com/lists/oss-security/2016/09/30/2
BID http://www.securityfocus.com/bid/93249
CONFIRM https://github.com/sociomantic-tsunami/git-hub/issues/197
spip -- spip Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code. 2017-01-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7980&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-7980 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7980
MLIST http://www.openwall.com/lists/oss-security/2016/10/05/17
MLIST http://www.openwall.com/lists/oss-security/2016/10/06/6
MLIST http://www.openwall.com/lists/oss-security/2016/10/12/6
BID http://www.securityfocus.com/bid/93451
CONFIRM https://core.spip.net/projects/spip/repository/revisions/23201
CONFIRM https://core.spip.net/projects/spip/repository/revisions/23202
CONFIRM https://core.spip.net/projects/spip/repository/revisions/23203
spip -- spip Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7981&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-7981 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7981
MLIST http://www.openwall.com/lists/oss-security/2016/10/05/17
MLIST http://www.openwall.com/lists/oss-security/2016/10/06/6
MLIST http://www.openwall.com/lists/oss-security/2016/10/12/7
BID http://www.securityfocus.com/bid/93451
CONFIRM https://core.spip.net/projects/spip/repository/revisions/23200
CONFIRM https://core.spip.net/projects/spip/repository/revisions/23201
CONFIRM https://core.spip.net/projects/spip/repository/revisions/23202
spip -- spip Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7982&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2016-7982 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7982
MLIST http://www.openwall.com/lists/oss-security/2016/10/05/17
MLIST http://www.openwall.com/lists/oss-security/2016/10/06/6
MLIST http://www.openwall.com/lists/oss-security/2016/10/12/8
BID http://www.securityfocus.com/bid/93451
CONFIRM https://core.spip.net/projects/spip/repository/revisions/23200
spip -- spip The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action. 2017-01-18 6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7998&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) CVE-2016-7998 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7998
MLIST http://www.openwall.com/lists/oss-security/2016/10/05/17
MLIST http://www.openwall.com/lists/oss-security/2016/10/07/5
MLIST http://www.openwall.com/lists/oss-security/2016/10/08/6
BID http://www.securityfocus.com/bid/93451
CONFIRM https://core.spip.net/projects/spip/repository/revisions/23186
CONFIRM https://core.spip.net/projects/spip/repository/revisions/23189
CONFIRM https://core.spip.net/projects/spip/repository/revisions/23192
spip -- spip ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7999&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-7999 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7999
MLIST http://www.openwall.com/lists/oss-security/2016/10/05/17
MLIST http://www.openwall.com/lists/oss-security/2016/10/07/5
MLIST http://www.openwall.com/lists/oss-security/2016/10/08/6
MLIST http://www.openwall.com/lists/oss-security/2016/10/12/10
BID http://www.securityfocus.com/bid/93451
CONFIRM https://core.spip.net/projects/spip/repository/revisions/23188
CONFIRM https://core.spip.net/projects/spip/repository/revisions/23193
symphony-cms -- symphony_cms Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters. 2017-01-20 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5541&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N) CVE-2017-5541 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5541
CONFIRM https://github.com/symphonycms/symphony-2/issues/2639
CONFIRM https://github.com/symphonycms/symphony-2/releases/tag/2.6.10
symphony-cms -- symphony_cms Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter. 2017-01-20 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5542&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2017-5542 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5542
CONFIRM https://github.com/symphonycms/symphony-2/issues/2639
CONFIRM https://github.com/symphonycms/symphony-2/releases/tag/2.6.10
tiki -- tikiwiki_cms/groupware A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. 2017-01-20 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10143&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2016-10143 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10143
CONFIRM https://dev.tiki.org/item6174
CONFIRM https://sourceforge.net/p/tikiwiki/code/60308/
tqdm_project -- tqdm The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory. 2017-01-19 4.6 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10075&vector=(AV:L/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-10075 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10075
MLIST http://www.openwall.com/lists/oss-security/2016/12/28/8
BID http://www.securityfocus.com/bid/95143
MISC https://github.com/tqdm/tqdm/issues/328
unrealircd -- unrealircd The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. 2017-01-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7144&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-7144 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7144
MLIST http://www.openwall.com/lists/oss-security/2016/09/04/3
MLIST http://www.openwall.com/lists/oss-security/2016/09/05/8
BID http://www.securityfocus.com/bid/92763
CONFIRM https://forums.unrealircd.org/viewtopic.php?f=1&t=8588
CONFIRM https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766
viprinet -- multichannel_vpn_router_300_firmware Multiple cross-site scripting (XSS) vulnerabilities in the 'old' and 'new' interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool. 2017-01-20 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-2045&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2014-2045 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2045
MISC http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html
FULLDISC http://seclists.org/fulldisclosure/2016/Feb/8
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/537441/100/0/threaded
EXPLOIT-DB https://www.exploit-db.com/exploits/39407/
MISC https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/
viprinet -- multichannel_vpn_router_300_firmware The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. 2017-01-20 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9754&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2014-9754 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9754
MISC http://packetstormsecurity.com/files/135614/Viprinet-Multichannel-VPN-Router-300-Identity-Verification-Fail.html
FULLDISC http://seclists.org/fulldisclosure/2016/Feb/8
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/537441/100/0/threaded
viprinet -- multichannel_vpn_router_300_firmware The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack. 2017-01-20 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9755&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2014-9755 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9755
MISC http://packetstormsecurity.com/files/135614/Viprinet-Multichannel-VPN-Router-300-Identity-Verification-Fail.html
FULLDISC http://seclists.org/fulldisclosure/2016/Feb/8
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/537441/100/0/threaded
w3m_project -- w3m The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags. 2017-01-20 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9435&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-9435 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9435
SUSE http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html
MLIST http://www.openwall.com/lists/oss-security/2016/11/18/3
BID http://www.securityfocus.com/bid/94407
CONFIRM https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
MISC https://github.com/tats/w3m/issues/16
GENTOO https://security.gentoo.org/glsa/201701-08
w3m_project -- w3m parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. 2017-01-20 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9436&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-9436 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9436
SUSE http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html
MLIST http://www.openwall.com/lists/oss-security/2016/11/18/3
BID http://www.securityfocus.com/bid/94407
CONFIRM https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
MISC https://github.com/tats/w3m/issues/16
GENTOO https://security.gentoo.org/glsa/201701-08
wordpress -- wordpress The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. 2017-01-18 4.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10148&vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N) CVE-2016-10148 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10148
MLIST http://www.openwall.com/lists/oss-security/2016/08/20/1
CONFIRM https://core.trac.wordpress.org/changeset/38168
CONFIRM https://core.trac.wordpress.org/ticket/37490
MISC https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
wordpress -- wordpress Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool. 2017-01-18 5.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6896&vector=(AV:N/AC:L/Au:S/C:P/I:N/A:P) CVE-2016-6896 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6896
MLIST http://www.openwall.com/lists/oss-security/2016/08/20/1
MISC https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
wordpress -- wordpress Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6897&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2016-6897 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6897
MLIST http://www.openwall.com/lists/oss-security/2016/08/20/1
BID http://www.securityfocus.com/bid/92572
CONFIRM https://github.com/WordPress/WordPress/commit/8c82515ab62b88fb32d01c9778f0204b296f3568
MISC https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
wordpress -- wordpress wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. 2017-01-14 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5487&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2017-5487 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5487
MLIST http://www.openwall.com/lists/oss-security/2017/01/14/6
BID http://www.securityfocus.com/bid/95391
CONFIRM https://codex.wordpress.org/Version_4.7.1
CONFIRM https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
CONFIRM https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
MISC https://www.wordfence.com/blog/2016/12/wordfence-blocks-username-harvesting-via-new-rest-api-wp-4-7/
wordpress -- wordpress Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin. 2017-01-14 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5488&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2017-5488 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5488
MLIST http://www.openwall.com/lists/oss-security/2017/01/14/6
BID http://www.securityfocus.com/bid/95397
CONFIRM https://codex.wordpress.org/Version_4.7.1
CONFIRM https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2
CONFIRM https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
wordpress -- wordpress Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. 2017-01-14 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5489&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-5489 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5489
MLIST http://www.openwall.com/lists/oss-security/2017/01/14/6
BID http://www.securityfocus.com/bid/95399
CONFIRM https://codex.wordpress.org/Version_4.7.1
CONFIRM https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
wordpress -- wordpress Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php. 2017-01-14 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5490&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2017-5490 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5490
MLIST http://www.openwall.com/lists/oss-security/2017/01/14/6
BID http://www.securityfocus.com/bid/95402
CONFIRM https://codex.wordpress.org/Version_4.7.1
CONFIRM https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
CONFIRM https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
MISC https://www.mehmetince.net/low-severity-wordpress/
wordpress -- wordpress wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. 2017-01-14 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5491&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N) CVE-2017-5491 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5491
MLIST http://www.openwall.com/lists/oss-security/2017/01/14/6
BID http://www.securityfocus.com/bid/95406
CONFIRM https://codex.wordpress.org/Version_4.7.1
CONFIRM https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
CONFIRM https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
wordpress -- wordpress Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php. 2017-01-14 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5492&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-5492 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5492
MLIST http://www.openwall.com/lists/oss-security/2017/01/14/6
BID http://www.securityfocus.com/bid/95407
CONFIRM https://codex.wordpress.org/Version_4.7.1
CONFIRM https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
CONFIRM https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
wordpress -- wordpress wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup. 2017-01-14 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5493&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N) CVE-2017-5493 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5493
MLIST http://www.openwall.com/lists/oss-security/2017/01/14/6
BID http://www.securityfocus.com/bid/95401
CONFIRM https://codex.wordpress.org/Version_4.7.1
CONFIRM https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
CONFIRM https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
zimbra -- zimbra_collaboration_suite Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810. 2017-01-18 4.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3401&vector=(AV:N/AC:L/Au:S/C:N/I:P/A:N) CVE-2016-3401 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3401
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zimbra -- zimbra_collaboration_suite Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3402&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2016-3402 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3402
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zimbra -- zimbra_collaboration_suite Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3404&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N) CVE-2016-3404 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3404
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zimbra -- zimbra_collaboration_suite Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3405&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N) CVE-2016-3405 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3405
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zimbra -- zimbra_collaboration_suite Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456. 2017-01-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3406&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-3406 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3406
CONFIRM https://bugzilla.zimbra.com/show_bug.cgi?id=104294
CONFIRM https://bugzilla.zimbra.com/show_bug.cgi?id=104456
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zimbra -- zimbra_collaboration_suite Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3407&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-3407 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3407
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zimbra -- zimbra_collaboration_suite Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3408&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-3408 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3408
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zimbra -- zimbra_collaboration_suite Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3409&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-3409 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3409
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zimbra -- zimbra_collaboration_suite Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3410&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-3410 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3410
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zimbra -- zimbra_collaboration_suite Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3411&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-3411 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3411
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zimbra -- zimbra_collaboration_suite Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3412&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-3412 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3412
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zimbra -- zimbra_collaboration_suite Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996. 2017-01-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3413&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N) CVE-2016-3413 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3413
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zimbra -- zimbra_collaboration_suite Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029. 2017-01-18 4.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3414&vector=(AV:N/AC:L/Au:S/C:N/I:N/A:P) CVE-2016-3414 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3414
CONFIRM https://forums.zimbra.org/viewtopic.php?f=8&t=59816
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zimbra -- zimbra_collaboration_suite Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276. 2017-01-18 6.4 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3415&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) CVE-2016-3415 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3415
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zimbra -- zimbra_collaboration_suite Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-3999&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-3999 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3999
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zimbra -- zimbra_collaboration_suite Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477. 2017-01-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-4019&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2016-4019 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4019
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0
CONFIRM https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
zoneminder -- zoneminder Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30.0, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server. 2017-01-13 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10140&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2016-10140 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10140
CONFIRM https://github.com/ZoneMinder/ZoneMinder/pull/1697
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
b2evolution -- b2evolution Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name. 2017-01-18 3.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7150&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) CVE-2016-7150 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7150
MLIST http://www.openwall.com/lists/oss-security/2016/09/12/1
MLIST http://www.openwall.com/lists/oss-security/2016/09/15/4
BID http://www.securityfocus.com/bid/92967
CONFIRM https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c
b2evolution -- b2evolution Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame. 2017-01-15 3.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5494&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) CVE-2017-5494 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5494
BID http://www.securityfocus.com/bid/95452
CONFIRM https://github.com/b2evolution/b2evolution/commit/261dbd5b294e707af766691e65a177a290314a6e
CONFIRM https://github.com/b2evolution/b2evolution/issues/34
info-zip -- unzip Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. 2017-01-18 2.1 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9913&vector=(AV:L/AC:L/Au:N/C:N/I:N/A:P) CVE-2014-9913 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9913
MLIST http://www.openwall.com/lists/oss-security/2014/11/03/5
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/13
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/19
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/20
BID http://www.securityfocus.com/bid/95081
CONFIRM https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750
info-zip -- unzip Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. 2017-01-18 2.1 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-9844&vector=(AV:L/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-9844 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9844
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/13
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/19
MLIST http://www.openwall.com/lists/oss-security/2016/12/05/20
BID http://www.securityfocus.com/bid/94728
CONFIRM https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750
linux -- linux_kernel arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. 2017-01-14 3.6 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2584&vector=(AV:L/AC:L/Au:N/C:P/I:N/A:P) CVE-2017-2584 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2584
CONFIRM http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d
MLIST http://www.openwall.com/lists/oss-security/2017/01/13/7
BID http://www.securityfocus.com/bid/95430
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1413001
CONFIRM https://github.com/torvalds/linux/commit/129a72a0d3c8e139a04512325384fe5ac119e74d
metalgenix -- genixcms Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. 2017-01-17 3.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5515&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) CVE-2017-5515 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5515
BID http://www.securityfocus.com/bid/95623
CONFIRM https://github.com/semplon/GeniXCMS/issues/63
ntp -- ntp The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. 2017-01-13 3.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7427&vector=(AV:A/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-7427 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7427
CONFIRM http://nwtime.org/ntp428p9_release/
CONFIRM http://support.ntp.org/bin/view/Main/NtpBug3114
CONFIRM http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
BID http://www.securityfocus.com/bid/94447
CERT-VN https://www.kb.cert.org/vuls/id/633847
ntp -- ntp ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. 2017-01-13 3.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7428&vector=(AV:A/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-7428 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7428
CONFIRM http://nwtime.org/ntp428p9_release/
CONFIRM http://support.ntp.org/bin/view/Main/NtpBug3113
CONFIRM http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
BID http://www.securityfocus.com/bid/94446
CERT-VN https://www.kb.cert.org/vuls/id/633847
phpmailer_project -- phpmailer An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory. 2017-01-16 2.1 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5223&vector=(AV:L/AC:L/Au:N/C:P/I:N/A:N) CVE-2017-5223 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5223
MISC http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/
BID http://www.securityfocus.com/bid/95328
MISC https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
libimobiledevice -- libplist The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. 2017-01-20 not yet calculated CVE-2017-5545 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5545
CONFIRM https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee
CONFIRM https://github.com/libimobiledevice/libplist/issues/87
netgear -- routers An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions. 2017-01-17 not yet calculated CVE-2017-5521 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5521
CONFIRM http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability
BID http://www.securityfocus.com/bid/95457
---------------------------------------------
This product is provided subject to this Notification http://www.us-cert.gov/privacy/notification and this Privacy & Use http://www.us-cert.gov/privacy/ policy.
---------------------------------------------
A copy of this publication is available at www.us-cert.gov https://www.us-cert.gov . If you need help or have questions, please send an email to info at us-cert.gov mailto:info at us-cert.gov . Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT at ncas.us-cert.gov to your address book.