Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-01-31 CVE-2016-9249 Improper Input Validation vulnerability in F5 products
An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).
network
low complexity
f5 CWE-20
7.5
2017-01-30 CVE-2016-9132 Integer Overflow or Wraparound vulnerability in Botan Project Botan
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed.
network
low complexity
botan-project CWE-190
critical
9.8
2017-01-30 CVE-2016-9119 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
moinmo canonical debian CWE-79
6.1
2017-01-30 CVE-2016-7798 Inadequate Encryption Strength vulnerability in multiple products
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
network
low complexity
ruby-lang debian CWE-326
7.5
2017-01-30 CVE-2016-6604 NULL Pointer Dereference vulnerability in Samsung Exynos Fimg2D
NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors.
network
low complexity
samsung CWE-476
critical
9.8
2017-01-30 CVE-2016-6270 Command Injection vulnerability in Trendmicro Virtual Mobile Infrastructure 5.0
The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/.
network
low complexity
trendmicro CWE-77
8.8
2017-01-30 CVE-2016-6269 Path Traversal vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.
network
low complexity
trendmicro CWE-22
critical
9.1
2017-01-30 CVE-2016-6268 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.
local
low complexity
trendmicro CWE-264
7.8
2017-01-30 CVE-2016-6267 Improper Input Validation vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.
network
low complexity
trendmicro CWE-20
8.8
2017-01-30 CVE-2016-6266 Improper Input Validation vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action.
network
low complexity
trendmicro CWE-20
8.8