Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-30 | CVE-2016-6604 | NULL Pointer Dereference vulnerability in Samsung Exynos Fimg2D: NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. | 9.8 |
2017-01-30 | CVE-2016-6270 | Command Injection vulnerability in Trendmicro Virtual Mobile Infrastructure 5.0: The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/. | 8.8 |
2017-01-30 | CVE-2016-6269 | Path Traversal vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0: Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php. | 9.1 |
2017-01-30 | CVE-2016-6268 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0: Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory. | 7.8 |
2017-01-30 | CVE-2016-6267 | Improper Input Validation vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0: SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php. | 8.8 |
2017-01-30 | CVE-2016-6266 | Improper Input Validation vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0: ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action. | 8.8 |
2017-01-30 | CVE-2016-6167 | Untrusted Search Path vulnerability in Putty 0.67: Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory. | 7.8 |
2017-01-30 | CVE-2016-5434 | Out-of-bounds Read vulnerability in Pacman Project Pacman 5.0.1: libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file. | 5.5 |
2017-01-30 | CVE-2016-5026 | Improper Access Control vulnerability in Onionshare: hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory. | 5.5 |
2017-01-30 | CVE-2016-2402 | Improper Certificate Validation vulnerability in Squareup Okhttp and Okhttp3: OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate. | 5.9 |