Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-23 | CVE-2016-7967 | Improper Access Control vulnerability in KDE Kmail KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. | 8.1 |
| 2016-12-23 | CVE-2016-7966 | Code Injection vulnerability in multiple products Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. | 7.3 |
| 2016-12-23 | CVE-2016-7787 | Code Injection vulnerability in multiple products A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. | 4.9 |
| 2016-12-23 | CVE-2016-2312 | 7PK - Security Features vulnerability in multiple products Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. | 6.8 |
| 2016-12-23 | CVE-2016-6910 | Information Exposure vulnerability in Google Android 5.0.2/5.1.1/6.0.1 The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. | 5.5 |
| 2016-12-23 | CVE-2016-9889 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php. | 6.1 |
| 2016-12-23 | CVE-2016-9561 | Resource Management Errors vulnerability in Ffmpeg The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. | 5.5 |
| 2016-12-23 | CVE-2016-9154 | Insufficient Entropy in PRNG vulnerability in Siemens products Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key. | 7.5 |
| 2016-12-23 | CVE-2016-8595 | Improper Input Validation vulnerability in Ffmpeg The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | 5.5 |
| 2016-12-23 | CVE-2016-7905 | NULL Pointer Dereference vulnerability in Ffmpeg The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. | 5.5 |