Original release date: December 26, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product    Description    Published    CVSS Score    Source & Patch Info
blackberry — good_enterprise_mobility_server A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell. 2016-12-16 8.5 CVE-2016-3129
CONFIRM
BID
bundler — bundler Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334. 2016-12-22 7.5 CVE-2016-7954
MISC
MLIST
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
canonical — ubuntu_linux An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a “{”. This allows remote attackers to execute arbitrary Python code. 2016-12-16 9.3 CVE-2016-9949
BID
MISC
MISC
MISC
canonical — ubuntu_linux An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file “Package” and “SourcePackage” fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system. 2016-12-16 9.3 CVE-2016-9950
BID
MISC
MISC
MISC
dotcms — dotcms SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. 2016-12-19 7.5 CVE-2016-2355
CONFIRM
BID
CONFIRM
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability.” 2016-12-20 7.6 CVE-2016-7181
MS
BID
SECTRACK
microsoft — windows_server_2008 The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” 2016-12-20 7.2 CVE-2016-7259
MISC
MS
BUGTRAQ
BID
microsoft — windows_server_2008 The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” 2016-12-20 7.2 CVE-2016-7260
MS
BID
microsoft — excel_for_mac Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-12-20 9.3 CVE-2016-7263
MS
BID
SECTRACK
microsoft — windows_server_2008 The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka “Windows Graphics Remote Code Execution Vulnerability.” 2016-12-20 9.3 CVE-2016-7272
MS
BID
SECTRACK
MISC
microsoft — windows_10 The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka “Windows Graphics Remote Code Execution Vulnerability.” 2016-12-20 9.3 CVE-2016-7273
MS
BID
SECTRACK
microsoft — windows_server_2008 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka “Windows Uniscribe Remote Code Execution Vulnerability.” 2016-12-20 9.3 CVE-2016-7274
MS
BID
microsoft — office Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka “Microsoft Office OLE DLL Side Loading Vulnerability.” 2016-12-20 7.2 CVE-2016-7275
MS
BID
SECTRACK
microsoft — office Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-12-20 9.3 CVE-2016-7277
MS
BID
SECTRACK
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability.” 2016-12-20 7.6 CVE-2016-7279
MS
MS
BID
SECTRACK
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2016-12-20 9.3 CVE-2016-7283
MS
BID
SECTRACK
microsoft — edge The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7288, CVE-2016-7296, and CVE-2016-7297. 2016-12-20 7.6 CVE-2016-7286
MS
BID
SECTRACK
microsoft — edge The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability.” 2016-12-20 7.6 CVE-2016-7287
MS
MS
BID
SECTRACK
microsoft — edge The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297. 2016-12-20 7.6 CVE-2016-7288
MS
BID
SECTRACK
microsoft — publisher Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-12-20 9.3 CVE-2016-7289
MS
BID
SECTRACK
microsoft — windows_server_2016 The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka “Windows Installer Elevation of Privilege Vulnerability.” 2016-12-20 7.2 CVE-2016-7292
MS
BID
SECTRACK
microsoft — edge The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7297. 2016-12-20 7.6 CVE-2016-7296
MS
BID
SECTRACK
microsoft — edge The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7296. 2016-12-20 7.6 CVE-2016-7297
MS
BID
SECTRACK
microsoft — word_viewer Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-12-20 9.3 CVE-2016-7298
MS
BID
SECTRACK
nvidia — gpu_driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges. 2016-12-16 7.2 CVE-2016-8813
CONFIRM
BID
nvidia — gpu_driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges. 2016-12-16 7.2 CVE-2016-8814
CONFIRM
BID
nvidia — gpu_driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges. 2016-12-16 7.2 CVE-2016-8815
CONFIRM
BID
nvidia — gpu_driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges. 2016-12-16 7.2 CVE-2016-8816
CONFIRM
BID
nvidia — gpu_driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the size input to memcpy(), causing a buffer overflow, leading to denial of service or potential escalation of privileges. 2016-12-16 7.2 CVE-2016-8817
CONFIRM
BID
nvidia — gpu_driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a pointer passed from a user to the driver is used without validation, leading to denial of service or potential escalation of privileges. 2016-12-16 7.2 CVE-2016-8818
CONFIRM
BID
nvidia — gpu_driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation of privileges. 2016-12-16 7.2 CVE-2016-8819
CONFIRM
BID
nvidia — gpu_driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges. 2016-12-16 7.2 CVE-2016-8821
CONFIRM
BID
nvidia — gpu_driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000E, 0x600000F, and 0x6000010 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges. 2016-12-16 7.2 CVE-2016-8822
CONFIRM
BID
nvidia — gpu_driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where the size of an input buffer is not validated, leading to a denial of service or possible escalation of privileges. 2016-12-16 7.2 CVE-2016-8823
CONFIRM
BID
MISC
nvidia — gpu_driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where improper access controls allow a regular user to write a part of the registry intended for privileged users only, leading to escalation of privileges. 2016-12-16 7.2 CVE-2016-8824
CONFIRM
BID
nvidia — gpu_driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. 2016-12-16 7.2 CVE-2016-8825
CONFIRM
BID
samsung — samsung_mobile Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7119. 2016-12-16 10.0 CVE-2016-9965
CONFIRM
BID
samsung — samsung_mobile Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7120. 2016-12-16 10.0 CVE-2016-9966
CONFIRM
BID
samsung — samsung_mobile Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7121. 2016-12-16 10.0 CVE-2016-9967
CONFIRM
BID
siemens — simatic_s7-300_cpu_firmware A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions including V3.2.12) and SIMATIC S7-400 PN CPUs (V6 and V7) could allow a remote attacker to cause a Denial of Service condition by sending specially crafted packets to port 80/TCP. 2016-12-16 7.8 CVE-2016-9158
BID
CONFIRM
MISC
technicolor — xfinity_gateway_router_dpc3941t_firmware CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router. 2016-12-16 7.9 CVE-2016-7454
BID
MISC

Medium Vulnerabilities

Primary Vendor — Product    Description    Published    CVSS Score    Source & Patch Info
apport_project — apport An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK. 2016-12-16 4.3 CVE-2016-9951
BID
MISC
MISC
MISC
bmc — remedy_action_request_system Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password. 2016-12-21 5.0 CVE-2016-2349
BID
CONFIRM
bottlepy — bottle redirect() in bottle.py in bottle 0.12.10 doesn’t filter a “\r\n” sequence, which leads to a CRLF attack, as demonstrated by a redirect(“233\r\nSet-Cookie: name=salt”) call. 2016-12-16 4.3 CVE-2016-9964
BID
CONFIRM
CONFIRM
debian — debian_linux An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user’s cleartext password, DES encrypted with a known key. 2016-12-16 5.0 CVE-2013-1430
BID
CONFIRM
CONFIRM
ffmpeg — ffmpeg The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. 2016-12-23 6.8 CVE-2016-6671
MLIST
BID
ffmpeg — ffmpeg The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. 2016-12-23 4.3 CVE-2016-6881
MLIST
BID
ffmpeg — ffmpeg The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted ‘nctg’ structure. 2016-12-23 4.3 CVE-2016-7122
MLIST
BID
ffmpeg — ffmpeg The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. 2016-12-23 6.8 CVE-2016-7450
MLIST
BID
ffmpeg — ffmpeg The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode. 2016-12-23 6.8 CVE-2016-7502
MLIST
BID
ffmpeg — ffmpeg The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted “strh” structure. 2016-12-23 4.3 CVE-2016-7555
MLIST
BID
ffmpeg — ffmpeg The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. 2016-12-23 4.3 CVE-2016-7562
MLIST
BID
ffmpeg — ffmpeg The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. 2016-12-23 4.3 CVE-2016-7785
MLIST
BID
ffmpeg — ffmpeg The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. 2016-12-23 4.3 CVE-2016-7905
MLIST
BID
ffmpeg — ffmpeg The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. 2016-12-23 4.3 CVE-2016-8595
MLIST
BID
ffmpeg — ffmpeg The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. 2016-12-23 4.3 CVE-2016-9561
MLIST
BID
google — chrome Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages. 2016-12-17 4.3 CVE-2016-5181
BID
CONFIRM
CONFIRM
CONFIRM
google — chrome Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages. 2016-12-17 6.8 CVE-2016-5182
BID
CONFIRM
CONFIRM
google — chrome A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files. 2016-12-17 6.8 CVE-2016-5183
BID
CONFIRM
CONFIRM
CONFIRM
google — chrome PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files. 2016-12-17 6.8 CVE-2016-5184
BID
CONFIRM
CONFIRM
google — chrome Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. 2016-12-17 6.8 CVE-2016-5185
BID
CONFIRM
CONFIRM
google — chrome Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files. 2016-12-17 6.8 CVE-2016-5186
BID
CONFIRM
CONFIRM
google — chrome Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. 2016-12-17 4.3 CVE-2016-5187
BID
CONFIRM
CONFIRM
google — chrome Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages. 2016-12-17 4.3 CVE-2016-5188
BID
CONFIRM
CONFIRM
google — chrome Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. 2016-12-17 4.3 CVE-2016-5189
BID
CONFIRM
CONFIRM
google — chrome Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. 2016-12-17 6.8 CVE-2016-5190
BID
CONFIRM
CONFIRM
google — chrome Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL. 2016-12-17 4.3 CVE-2016-5191
BID
CONFIRM
CONFIRM
CONFIRM
google — chrome Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. 2016-12-17 4.3 CVE-2016-5192
BID
CONFIRM
CONFIRM
google — chrome Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages. 2016-12-17 4.3 CVE-2016-5193
BID
CONFIRM
CONFIRM
google — android The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. The vulnerable system app gives a non-existent app the ability to read the notifications from the device, which a third-party app can utilize if it uses a package name of com.samsung.android.app.portalservicewidget. This vulnerability allows an unprivileged third-party app to obtain the text of the user’s notifications, which tend to contain personal data. 2016-12-23 4.3 CVE-2016-6910
MISC
horde — groupware Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute. 2016-12-20 4.3 CVE-2016-5303
MLIST
MLIST
BID
CONFIRM
CONFIRM
image-info_project — image-info_for_perl perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure. 2016-12-22 5.8 CVE-2016-9181
MLIST
BID
miscellaneous
joomla — joomla! An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request. 2016-12-16 5.0 CVE-2016-9837
BID
CONFIRM
joomla — joomla! An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user’s account and reset the user’s group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task. 2016-12-16 5.0 CVE-2016-9838
BID
CONFIRM
lynx — lynx lynx: It was found that Lynx doesn’t parse the authority component of the URL correctly when the host name part ends with ‘?’, and could instead be tricked into connecting to a different host. 2016-12-22 5.0 CVE-2016-9179
MLIST
BID
microsoft — edge Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka “Microsoft Edge Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-7280. 2016-12-20 4.3 CVE-2016-7206
MS
BID
SECTRACK
microsoft — windows_server_2008 The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “GDI Information Disclosure Vulnerability.” 2016-12-20 4.3 CVE-2016-7257
MS
MS
BID
SECTRACK
SECTRACK
microsoft — excel Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka “Microsoft Office Security Feature Bypass Vulnerability.” 2016-12-20 6.8 CVE-2016-7262
MS
BID
SECTRACK
microsoft — excel_for_mac Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka “Microsoft Office Information Disclosure Vulnerability.” 2016-12-20 5.8 CVE-2016-7264
MS
BID
SECTRACK
microsoft — excel Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka “Microsoft Office Information Disclosure Vulnerability.” 2016-12-20 5.8 CVE-2016-7265
Sources: MS, BID, SECTRACK
microsoft — excel Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka “Microsoft Office Security Feature Bypass Vulnerability.” 2016-12-20 6.8 CVE-2016-7266
Sources: MS, BID, SECTRACK
microsoft — excel Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office Security Feature Bypass Vulnerability.” 2016-12-20 4.3 CVE-2016-7267
Sources: MS, BID, SECTRACK
microsoft — word_for_mac Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka “Microsoft Office Information Disclosure Vulnerability.” 2016-12-20 5.8 CVE-2016-7268
Sources: MS, BID, SECTRACK
microsoft — .net_framework The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka “.NET Information Disclosure Vulnerability.” 2016-12-20 5.0 CVE-2016-7270
Sources: MS, BID, SECTRACK
microsoft — windows_10 The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a crafted application, aka “Secure Kernel Mode Elevation of Privilege Vulnerability.” 2016-12-20 4.6 CVE-2016-7271
Sources: MS, BID
microsoft — office Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka “Microsoft Office Information Disclosure Vulnerability.” 2016-12-20 5.8 CVE-2016-7276
Sources: MS, BID, SECTRACK
microsoft — edge Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka “Microsoft Edge Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-7206. 2016-12-20 4.3 CVE-2016-7280
Sources: MS, BID, SECTRACK
microsoft — internet_explorer Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka “Microsoft Browser Information Disclosure Vulnerability.” 2016-12-20 4.3 CVE-2016-7282
Sources: MS, MS, BID, SECTRACK
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “Internet Explorer Information Disclosure Vulnerability.” 2016-12-20 4.3 CVE-2016-7284
Sources: MS, BID, SECTRACK
microsoft — word_for_mac Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka “Microsoft Office Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-7291. 2016-12-20 5.8 CVE-2016-7290
Sources: MS, BID, SECTRACK
microsoft — word_for_mac Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka “Microsoft Office Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-7290. 2016-12-20 5.8 CVE-2016-7291
Sources: MS, BID, SECTRACK
microsoft — auto_updater_for_mac Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka “Microsoft (MAU) Office Elevation of Privilege Vulnerability.” 2016-12-20 4.6 CVE-2016-7300
Sources: MS, BID, SECTRACK
netapp — snap_creator_framework NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user. 2016-12-21 5.0 CVE-2016-7172
Sources: BID, CONFIRM
nvidia — gpu_driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure. 2016-12-16 5.6 CVE-2016-8820
Sources: CONFIRM, BID
nvidia — gpu_driver All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a denial of service. 2016-12-16 4.9 CVE-2016-8826
Sources: CONFIRM, BID
nvidia — geforce_experience NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack. 2016-12-16 5.0 CVE-2016-8827
Sources: CONFIRM, BID
openjpeg — openjpeg openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code. 2016-12-22 6.8 CVE-2016-9675
Sources: MLIST, BID
pivotal_software — greenplum An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have superuser ‘gpadmin’ access to the system or have been granted GPHDFS protocol permissions in order to create a GPHDFS external table. 2016-12-16 6.5 CVE-2016-6656
Sources: BID, CONFIRM
pivotal_software — cloud_foundry_elastic_runtime An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later. 2016-12-16 5.8 CVE-2016-6657
Sources: BID, CONFIRM
python-openxml — python-docx python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document. 2016-12-21 6.8 CVE-2016-5851
Sources: MLIST, MLIST, BID, CONFIRM
redhat — enterprise_linux_hpc_node sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. 2016-12-22 4.9 CVE-2016-7091
Sources: BID, MLIST, REDHAT
roundcube — webmail Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message. 2016-12-20 4.3 CVE-2016-4552
Sources: CONFIRM, CONFIRM
sap — solution_manager Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. 2016-12-19 5.0 CVE-2016-10005
Sources: BID, MISC
siemens — desigo_web_module_pxa40-w0_firmware Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key. 2016-12-23 5.0 CVE-2016-9154
Sources: BID, CONFIRM
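The Siemens Desigo PX entry above (CVE-2016-9154) says the web modules generated their HTTPS certificates with a PRNG of insufficient entropy, so that an attacker could reconstruct the private key. The following is an added example, not Siemens code, showing why that follows: if every bit of the key is a deterministic function of a seed that can be enumerated, the public key alone identifies the seed, and the seed gives back the private key. The 16-bit seed space, the 32-bit primes and the plaintext are toy parameters assumed for the example so the brute force finishes in seconds; a real device whose seed is an uptime counter or a short hardware identifier fails the same way, only slower.

```python
"""Reconstructing a private key generated from a low-entropy PRNG seed.

Added example, not Siemens code. Parameters are toy-sized (two 32-bit primes,
a 16-bit seed space) so the attacker loop finishes quickly; the attack works
on any key whose seed space is small enough to enumerate.
"""
import random
from math import gcd

SEED_BITS = 16                 # assumed: the device's seed carries only 16 bits of entropy
PUBLIC_EXPONENT = 65537
# Deterministic Miller-Rabin witnesses, sufficient for every n below 3.3e24.
_WITNESSES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    if n < 2:
        return False
    for w in _WITNESSES:
        if n % w == 0:
            return n == w
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _WITNESSES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime_from(rng: random.Random) -> int:
    """Odd 32-bit candidate drawn from the PRNG, stepped to the next prime."""
    c = rng.getrandbits(32) | (1 << 31) | 1
    while not is_prime(c):
        c += 2
    return c


def weak_keygen(seed: int):
    """The flawed pattern: all key material is a function of a small seed."""
    rng = random.Random(seed)
    p = next_prime_from(rng)
    while True:
        q = next_prime_from(rng)
        phi = (p - 1) * (q - 1)
        if q != p and gcd(PUBLIC_EXPONENT, phi) == 1:
            break
    d = pow(PUBLIC_EXPONENT, -1, phi)        # modular inverse, Python 3.8+
    return (p * q, PUBLIC_EXPONENT), d       # (public key), private exponent


def recover_private_key(n: int, e: int):
    """Attacker side: only the certificate's public key is known. Re-run the
    generator for every possible seed until the modulus matches."""
    for seed in range(1 << SEED_BITS):
        (cand_n, cand_e), d = weak_keygen(seed)
        if cand_n == n and cand_e == e:
            return seed, d
    return None, None


def demo(secret_seed: int = 0x3A7F) -> dict:
    """Device makes a key; attacker recovers it and decrypts a message."""
    (n, e), d_real = weak_keygen(secret_seed)
    message = 0xC0FFEE                       # constructed plaintext, well below n
    ciphertext = pow(message, e, n)
    seed, d_found = recover_private_key(n, e)
    return {
        "seed_recovered": seed == secret_seed,
        "private_exponent_matches": d_found == d_real,
        "decrypts": d_found is not None and pow(ciphertext, d_found, n) == message,
    }


if __name__ == "__main__":
    print(demo())
```

The fix on a device is not a better search-to-prime routine but more entropy: seed from a hardware RNG or an OS entropy pool, and never from boot time, MAC address or a serial number. Where a fleet has already shipped, collecting its certificates and checking for shared or reproducible moduli is how you find out whether this happened to you.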
siemens — simatic_s7-300_cpu_firmware A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions including V3.2.12) and SIMATIC S7-400 PN CPUs (all versions including V7) could allow a remote attacker to obtain credentials from the PLC if protection-level 2 is configured on the affected devices. 2016-12-16 4.3 CVE-2016-9159
Sources: BID, CONFIRM, MISC
siemens — simatic_wincc A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions. 2016-12-16 5.8 CVE-2016-9160
Sources: BID, CONFIRM, MISC
spip — spip SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL. 2016-12-16 4.3 CVE-2016-9997
Sources: BID, CONFIRM
spip — spip SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL. 2016-12-16 4.3 CVE-2016-9998
Sources: BID, CONFIRM
tiki — tikiwiki_cms/groupware Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 do not sanitize the input, related to tiki-setup.php and article_image.php. The impact is XSS. 2016-12-23 4.3 CVE-2016-9889
Sources: CONFIRM
xmltwig — xml-twig_for_perl perl-XML-Twig: The `expand_external_ents` option, documented as controlling external entity expansion in XML::Twig, does not work: external entities are always expanded, regardless of the option’s setting. 2016-12-22 6.4 CVE-2016-9180
Sources: MLIST, BID, MISC
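The python-docx entry (CVE-2016-5851) and the XML::Twig entry (CVE-2016-9180) above are both external-entity expansion flaws: a parser honoured the DTD in attacker-supplied XML. The following added example, which is neither project's code and does not reproduce their actual fixes, shows the hardening layer a consumer of Office XML can apply independent of the parser's own settings: refuse any document part that carries a DOCTYPE or an entity declaration before a tree is ever built. XXE needs a DTD to declare the entity, so rejecting the DTD removes the class, including parameter entities and internal-entity expansion bombs. The minimal .docx container and the two document.xml parts are constructed for the example.

```python
"""Refuse DTD-bearing XML before parsing an Office document part.

Added example, not python-docx or XML::Twig code. The .docx container and
the document.xml parts below are constructed for the demonstration.
"""
import io
import xml.etree.ElementTree as ET
import zipfile
from xml.parsers import expat

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"


class UnsafeXML(ValueError):
    """The document carries a DTD or an entity declaration."""


def assert_no_dtd(xml_bytes: bytes) -> None:
    """Stream the bytes through expat with handlers that abort on a DOCTYPE
    or on any entity declaration (internal, external or parameter). No
    ExternalEntityRefHandler is installed, so expat fetches nothing even
    before the handlers fire."""
    parser = expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML("DOCTYPE not allowed (root %s)" % name)

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXML("entity declaration not allowed: %s" % name)

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    parser.Parse(xml_bytes, True)


def extract_docx_text(docx_bytes: bytes) -> str:
    """Return the visible text of word/document.xml, or raise UnsafeXML."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        document = zf.read("word/document.xml")
    assert_no_dtd(document)                    # hardening layer runs first
    root = ET.fromstring(document)             # only now build a tree
    return "".join(t.text or "" for t in root.iter("{%s}t" % W_NS))


def build_docx(document_xml: bytes) -> bytes:
    """Constructed minimal .docx: a zip holding only the part we read."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", document_xml)
    return buf.getvalue()


CLEAN_XML = (                                  # constructed benign part
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<w:document xmlns:w="%s"><w:body><w:p>'
    b'<w:r><w:t>hello</w:t></w:r>'
    b'<w:r><w:t xml:space="preserve"> world</w:t></w:r>'
    b'</w:p></w:body></w:document>'
) % W_NS.encode()

XXE_XML = (                                    # constructed attack part
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<!DOCTYPE w:document [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b'<w:document xmlns:w="%s"><w:body><w:p>'
    b'<w:r><w:t>&xxe;</w:t></w:r>'
    b'</w:p></w:body></w:document>'
) % W_NS.encode()


def demo() -> dict:
    """Process both samples and return what happened to each."""
    clean_text = extract_docx_text(build_docx(CLEAN_XML))
    try:
        extract_docx_text(build_docx(XXE_XML))
        xxe_blocked = False
    except UnsafeXML:
        xxe_blocked = True
    return {"clean_text": clean_text, "xxe_blocked": xxe_blocked}


if __name__ == "__main__":
    print(demo())
```

Office Open XML parts never legitimately carry a DTD, so this check has no false positives on real documents. Apply it to every XML part you read from the container (styles, comments, headers, footers), not only document.xml, since each is a separate parse.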

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
microsoft — windows_server_2008 The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka “Windows Crypto Driver Information Disclosure Vulnerability.” 2016-12-20 2.1 CVE-2016-7219
Sources: MS, BID, SECTRACK
microsoft — windows_10 The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka “Windows Kernel Memory Address Information Disclosure Vulnerability.” 2016-12-20 2.1 CVE-2016-7258
Sources: MS, BID
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “Windows Hyperlink Object Library Information Disclosure Vulnerability.” 2016-12-20 2.6 CVE-2016-7278
Sources: MS, BID, SECTRACK
microsoft — internet_explorer The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka “Microsoft Browser Security Feature Bypass Vulnerability.” 2016-12-20 2.6 CVE-2016-7281
Sources: MS, MS, BID, SECTRACK
microsoft — windows_server_2016 The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information from process memory via a crafted application, aka “Windows Common Log File System Driver Information Disclosure Vulnerability.” 2016-12-20 2.1 CVE-2016-7295
Sources: MS, BID
pivotal_software — cloud_foundry Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider. 2016-12-23 2.6 CVE-2016-6659
Sources: CONFIRM
rapid7 — nexpose In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user’s browser context. 2016-12-20 3.5 CVE-2016-9757
Sources: BID, CONFIRM

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
fedora_project — kscreenlocker Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. 2016-12-23 not yet calculated CVE-2016-2312
Sources: FEDORA, FEDORA, MISC, MISC, CONFIRM
imagemagick_studio — imagemagick An exploitable out-of-bounds write exists in the handling of compressed TIFF images in ImageMagick’s convert utility. A crafted TIFF document can lead to an out-of-bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user-controlled TIFF that is handled by this functionality. 2016-12-23 not yet calculated CVE-2016-8707
Sources: MISC
kde — kdesu A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. 2016-12-23 not yet calculated CVE-2016-7787
Sources: SUSE, SUSE, MLIST, BID
kde — kmail KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed. 2016-12-23 not yet calculated CVE-2016-7968
Sources: MLIST, BID
kde — kmail KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled. 2016-12-23 not yet calculated CVE-2016-7967
Sources: MLIST, BID
kde — kmail Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail’s plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space in the injected HTML, which greatly reduces the available HTML functionality, although an HTML comment indicator can still be included to hide content. 2016-12-23 not yet calculated CVE-2016-7966
Sources: SUSE, DEBIAN, MLIST, BID, FEDORA
modx — revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles. 2016-12-24 not yet calculated CVE-2016-10039
Sources: CONFIRM, CONFIRM
modx — revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove. 2016-12-24 not yet calculated CVE-2016-10038
Sources: CONFIRM, CONFIRM
modx — revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist. 2016-12-24 not yet calculated CVE-2016-10037
Sources: CONFIRM, CONFIRM
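The NVIDIA GeForce Experience entry above (CVE-2016-8827) and the three MODX Revolution entries (CVE-2016-10037, CVE-2016-10038, CVE-2016-10039) describe the same flaw shape: a web-facing handler takes a directory name from the request, joins it onto a base path and reaches files outside the intended tree. The following is an added example, not NVIDIA or MODX code, showing the vulnerable join beside the containment check a practitioner would put in front of it. The root directory and the request values are constructed; the check is lexical and a filesystem-aware variant that also defeats symlinks is included for real deployments.

```python
"""Confining a caller-supplied path to a fixed root directory.

Added example, not NVIDIA or MODX code. ROOT and SAMPLES are constructed.
"""
import os
import posixpath
from urllib.parse import unquote

ROOT = "/srv/modx/assets"                 # constructed base directory


class PathTraversal(ValueError):
    pass


def naive_join(root: str, user_path: str) -> str:
    """The vulnerable shape: the parameter is trusted, so '..' walks out."""
    return posixpath.normpath(posixpath.join(root, user_path))


def safe_join(root: str, user_path: str) -> str:
    """Lexical containment check; pure string work, no filesystem access.

    Decode percent-encoding exactly once (decoding twice is its own bug),
    treat backslashes as separators, refuse NUL bytes and absolute paths,
    normalise, then insist the result is root itself or strictly below it.
    """
    decoded = unquote(user_path)
    if "\x00" in decoded:
        raise PathTraversal("NUL byte in path")
    decoded = decoded.replace("\\", "/")
    if posixpath.isabs(decoded):
        raise PathTraversal("absolute path not allowed")
    root_norm = posixpath.normpath(root)
    joined = posixpath.normpath(posixpath.join(root_norm, decoded))
    prefix = root_norm.rstrip("/") + "/"
    if joined != root_norm and not joined.startswith(prefix):
        raise PathTraversal("path escapes root: %r" % user_path)
    return joined


def resolve_in_root(root: str, user_path: str) -> str:
    """Filesystem-aware variant: after the lexical check, resolve symlinks
    and require the real path to stay under the real root, so a link
    planted inside the tree cannot point outside it."""
    lexical = safe_join(root, user_path)
    real_root = os.path.realpath(root)
    real_path = os.path.realpath(lexical)
    if os.path.commonpath([real_root, real_path]) != real_root:
        raise PathTraversal("symlink escapes root: %r" % user_path)
    return real_path


SAMPLES = [                               # constructed request values
    "images/logo.png",
    "images/../images/logo.png",          # legal once normalised
    "../../../etc/passwd",
    "%2e%2e/%2e%2e/etc/passwd",           # URL-encoded dots
    "..\\..\\windows\\win.ini",           # backslash separators
    "/etc/passwd",                        # absolute path
    "images/../../etc/passwd",            # escape after a valid prefix
]


def demo() -> dict:
    """Map each sample to 'ok:<path>' or 'blocked' under safe_join."""
    out = {}
    for value in SAMPLES:
        try:
            out[value] = "ok:" + safe_join(ROOT, value)
        except PathTraversal:
            out[value] = "blocked"
    return out


if __name__ == "__main__":
    print("naive:", naive_join(ROOT, "../../../etc/passwd"))
    for key, verdict in demo().items():
        print("%-32s %s" % (key, verdict))
```

Two points the entries above make concrete: a handler that is only reachable on localhost (the GeForce Experience web helper) is still reachable from any page the user's browser visits, so it needs the same check as an internet-facing one; and a connector that exposes several operations on the same parameter (MODX's getfiles, remove and getlist) needs the check in one shared place rather than once per operation.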
owasp — antisamy In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS. 2016-12-24 not yet calculated CVE-2016-10006
Sources: CONFIRM
qemu — chardev_backend_support Quick Emulator (Qemu) built with the ‘chardev’ backend support is vulnerable to a use-after-free issue. It could occur while hot-plugging and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host, resulting in DoS. 2016-12-23 not yet calculated CVE-2016-9923
Sources: MLIST, BID
qemu — cirrus_CLGD_VGA_Emulator Quick Emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide-by-zero issue. It could occur while copying VGA data when the Cirrus graphics mode was set to VGA. A privileged user inside the guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. 2016-12-23 not yet calculated CVE-2016-9921
Sources: MLIST, BID
qemu — USB_EHCI_emulation_support Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in ‘ehci_init_transfer’. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. 2016-12-23 not yet calculated CVE-2016-9911
Sources: MLIST, BID
qemu — USB_redirector Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in ‘usbredir_handle_destroy’. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. 2016-12-23 not yet calculated CVE-2016-9907
Sources: MLIST, BID
qemu — virtio_gpu_device_emulator_support Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in ‘virtio_gpu_resource_destroy’. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. 2016-12-23 not yet calculated CVE-2016-9912
Sources: MLIST, BID
qemu — virtio_GPU_device_emulator_support Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing ‘VIRTIO_GPU_CMD_GET_CAPSET’ command. A guest user/process could use this flaw to leak contents of the host memory bytes. 2016-12-23 not yet calculated CVE-2016-9908
Sources: MLIST, BID
tarantool — msgpuck An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool’s Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer, resulting in a denial of service. 2016-12-23 not yet calculated CVE-2016-9036
Sources: MISC
tarantool — xrow_header_decode_function An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key’s value. This can lead to an out-of-bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service on the server. 2016-12-23 not yet calculated CVE-2016-9037
Sources: MISC
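The two Tarantool entries above (CVE-2016-9036 and CVE-2016-9037) are both failures to validate a length or index taken from the packet before using it: mp_check reported that a map16 object fit in the buffer when it did not, and xrow_header_decode indexed a global key-type table with an unchecked key. The following added example, not Tarantool's msgpuck or xrow code, shows the two checks done properly on a small subset of the MessagePack format: a pre-decode bounds pass in the style of mp_check that accounts for every key and value a map16 header promises, and a header decoder that range-checks the key before touching its type table. KEY_TYPES and the packets are constructed for the example; the real IPROTO key set is not reproduced.

```python
"""Bounds-checking a length-prefixed MessagePack object before decoding it.

Added example, not Tarantool code. Covers fixint, nil/bool, uint16, fixstr,
fixmap and map16; KEY_TYPES and the sample packets are constructed.
"""
import struct

# Assumed header key table (index = key): the value type each key must carry.
# Indexing it with an unchecked key is the out-of-bounds read pattern.
KEY_TYPES = ("uint", "uint", "uint", "str")


class PacketError(ValueError):
    pass


def _need(buf: bytes, pos: int, n: int) -> None:
    """Every read is gated here, so a short packet fails before it is used."""
    if pos + n > len(buf):
        raise PacketError("truncated at %d: need %d, have %d" % (pos, n, len(buf) - pos))


def mp_check(buf: bytes, pos: int = 0) -> int:
    """Return the offset just past the first object or raise PacketError.
    Iterative: `pending` is how many objects enclosing containers still owe."""
    pending = 1
    while pending:
        _need(buf, pos, 1)
        b, pos, pending = buf[pos], pos + 1, pending - 1
        if b <= 0x7F or b in (0xC0, 0xC2, 0xC3):    # positive fixint, nil, bools
            continue
        if 0x80 <= b <= 0x8F:                        # fixmap: N key/value pairs
            pending += 2 * (b & 0x0F)
        elif 0xA0 <= b <= 0xBF:                      # fixstr: N raw bytes
            n = b & 0x1F
            _need(buf, pos, n)
            pos += n
        elif b == 0xCD:                              # uint16
            _need(buf, pos, 2)
            pos += 2
        elif b == 0xDE:                              # map16: the CVE-2016-9036 case
            _need(buf, pos, 2)                       # the 16-bit count must be present
            (count,) = struct.unpack_from(">H", buf, pos)
            pos += 2
            pending += 2 * count                     # and every key and value must fit
        else:
            raise PacketError("type byte 0x%02x not handled" % b)
    return pos


def _uint(buf: bytes, pos: int):
    b = buf[pos]
    if b <= 0x7F:
        return b, pos + 1
    if b == 0xCD:
        return struct.unpack_from(">H", buf, pos + 1)[0], pos + 3
    raise PacketError("expected unsigned integer at %d" % pos)


def decode_header(buf: bytes) -> dict:
    """Decode a {uint key: value} header map after mp_check proved it fits."""
    end = mp_check(buf)
    if 0x80 <= buf[0] <= 0x8F:
        count, pos = buf[0] & 0x0F, 1
    elif buf[0] == 0xDE:
        count, pos = struct.unpack_from(">H", buf, 1)[0], 3
    else:
        raise PacketError("header must be a map")
    out = {}
    for _ in range(count):
        key, pos = _uint(buf, pos)
        if key >= len(KEY_TYPES):                # range check before indexing the table
            raise PacketError("unknown header key %d" % key)
        if KEY_TYPES[key] == "uint":
            out[key], pos = _uint(buf, pos)
        elif 0xA0 <= buf[pos] <= 0xBF:
            n = buf[pos] & 0x1F
            out[key] = buf[pos + 1:pos + 1 + n].decode("utf-8")
            pos += 1 + n
        else:
            raise PacketError("key %d requires a fixstr value" % key)
    if pos != end:
        raise PacketError("malformed header")
    return out


# Constructed packets.
GOOD_MAP16 = bytes([0xDE, 0x00, 0x02, 0x00, 0x01, 0x01, 0xCD, 0x12, 0x34])  # {0: 1, 1: 0x1234}
STR_VALUE = bytes([0x81, 0x03, 0xA2, 0x68, 0x69])                           # {3: "hi"}
LYING_MAP16 = bytes([0xDE, 0xFF, 0xFF, 0x00])    # promises 65535 pairs, carries one byte
CUT_COUNT = bytes([0xDE, 0x00])                  # the count field itself is truncated
BAD_KEY = bytes([0x81, 0x09, 0x01])              # key 9 lies past the end of KEY_TYPES


def demo() -> dict:
    """Run every sample and return the verdicts rather than printing them."""
    results = {"good": decode_header(GOOD_MAP16), "str": decode_header(STR_VALUE)}
    for name, pkt in (("lying_map16", LYING_MAP16), ("cut_count", CUT_COUNT), ("bad_key", BAD_KEY)):
        try:
            decode_header(pkt)
            results[name] = "accepted"
        except PacketError as exc:
            results[name] = "rejected: " + str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of a separate check pass is that the decoder proper can then read without re-checking at every step, which is exactly why a wrong answer from that pass is so damaging: nothing downstream catches it. When auditing such code, test the pass with a container whose count field is intact but whose payload is absent, as LYING_MAP16 does, because that is the case a check that only verifies the header itself gets wrong.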


Copyright 2016 ECI Networks