Weekly Vulnerabilities Reports > December 5 to 11, 2016

Overview

106 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 19 high severity vulnerabilities. This weekly summary reports vulnerabilities in 57 products from 35 vendors including Phpmyadmin, Qemu, Debian, Opensuse, and Linux. Vulnerabilities are notably categorized as "Information Exposure", "Improper Input Validation", "7PK - Security Features", "Missing Release of Resource after Effective Lifetime", and "Cross-site Scripting".

  • 78 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities have a public exploit available.
  • 23 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 88 reported vulnerabilities are exploitable by an anonymous user.
  • Phpmyadmin has the most reported vulnerabilities, with 48 reported vulnerabilities.
  • Linux has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-11 CVE-2016-6629 Phpmyadmin 7PK - Security Features vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive.

10.0
2016-12-08 CVE-2016-9120 Linux Use After Free vulnerability in Linux Kernel

Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time.

9.3
2016-12-08 CVE-2015-8967 Google
Linux
Permissions, Privileges, and Access Controls vulnerability in multiple products

arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.

9.3

19 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-11 CVE-2016-6631 Phpmyadmin OS Command Injection vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

8.5
2016-12-09 CVE-2016-6301 Busybox Resource Management Errors vulnerability in Busybox

The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.

7.8
2016-12-09 CVE-2016-8858 Openbsd Resource Management Errors vulnerability in Openbsd Openssh

** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests.

7.8
2016-12-08 CVE-2016-9919 Linux Improper Input Validation vulnerability in Linux Kernel

The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet.

7.8
2016-12-11 CVE-2016-9865 Phpmyadmin 7PK - Security Features vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

7.5
2016-12-11 CVE-2016-9849 Phpmyadmin Permissions, Privileges, and Access Controls vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

7.5
2016-12-11 CVE-2016-6620 Phpmyadmin Deserialization of Untrusted Data vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

7.5
2016-12-09 CVE-2016-6501 Jfrog Improper Input Validation vulnerability in Jfrog Artifactory

JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.

7.5
2016-12-09 CVE-2016-6496 Atlassian Improper Input Validation vulnerability in Atlassian Crowd

The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.

7.5
2016-12-09 CVE-2016-9013 Djangoproject
Canonical
Fedoraproject
Use of Hard-Coded Credentials vulnerability in multiple products

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.

7.5
2016-12-09 CVE-2016-6829 Barclamp Trove Project
Crowbar Openstack Project
Use of Hard-Coded Credentials vulnerability in multiple products

The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors.

7.5
2016-12-05 CVE-2016-9836 Joomla Improper Access Control vulnerability in Joomla Joomla!

The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions.

7.5
2016-12-05 CVE-2016-9835 Zikula Command Injection vulnerability in Zikula Application Framework

Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.

7.5
2016-12-05 CVE-2016-9157 Siemens Improper Input Validation vulnerability in Siemens Sicam PAS 8.06

A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP.

7.5
2016-12-05 CVE-2016-9156 Siemens Improper Input Validation vulnerability in Siemens Sicam PAS 8.06

A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP.

7.5
2016-12-08 CVE-2015-8966 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call.

7.2
2016-12-08 CVE-2016-8102 Intel Permissions, Privileges, and Access Controls vulnerability in Intel Wireless Bluetooth Drivers

Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges.

7.2
2016-12-08 CVE-2016-8655 Linux Use After Free vulnerability in Linux Kernel

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.

7.2
2016-12-06 CVE-2016-5341 Google Improper Access Control vulnerability in Google Android

The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 31470303 and external bug 211602 (and AndroidID-7225554).

7.1

59 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-11 CVE-2016-9866 Phpmyadmin Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

6.8
2016-12-11 CVE-2016-6633 Phpmyadmin Remote Code Execution vulnerability in phpMyAdmin

An issue was discovered in phpMyAdmin.

6.8
2016-12-11 CVE-2016-6628 Phpmyadmin 7PK - Security Features vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

6.8
2016-12-11 CVE-2016-6617 Phpmyadmin SQL Injection vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

6.8
2016-12-11 CVE-2016-6616 Phpmyadmin SQL Injection vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

6.8
2016-12-09 CVE-2016-9014 Fedoraproject
Canonical
Djangoproject
Permissions, Privileges, and Access Controls vulnerability in multiple products

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

6.8
2016-12-09 CVE-2015-8786 Oracle
Pivotal Software
Resource Management Errors vulnerability in multiple products

The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.

6.8
2016-12-08 CVE-2016-8103 Intel Permissions, Privileges, and Access Controls vulnerability in Intel products

SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform.

6.8
2016-12-05 CVE-2016-7171 Netapp Improper Certificate Validation vulnerability in Netapp Plug-In

NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.

6.8
2016-12-11 CVE-2016-6619 Phpmyadmin SQL Injection vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

6.5
2016-12-11 CVE-2016-6609 Phpmyadmin Command Injection vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

6.5
2016-12-10 CVE-2016-9832 PWC Injection vulnerability in PWC Ace-Advanced Business Application Programming 8.10.304

PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report.

6.5
2016-12-09 CVE-2016-5423 Debian
Postgresql
Null Pointer Dereference vulnerability in multiple products

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.

6.5
2016-12-11 CVE-2016-9864 Phpmyadmin SQL Injection vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

6.0
2016-12-08 CVE-2016-9920 Roundcube Improper Access Control vulnerability in Roundcube Webmail

steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message.

6.0
2016-12-11 CVE-2016-6626 Phpmyadmin 7PK - Security Features vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.8
2016-12-06 CVE-2015-8870 Libtiff Improper Input Validation vulnerability in Libtiff

Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.

5.8
2016-12-11 CVE-2016-6611 Phpmyadmin SQL Injection vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.1
2016-12-11 CVE-2016-9863 Phpmyadmin Improper Input Validation vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.0
2016-12-11 CVE-2016-9862 Phpmyadmin Code Injection vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.0
2016-12-11 CVE-2016-9861 Phpmyadmin 7PK - Security Features vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.0
2016-12-11 CVE-2016-9859 Phpmyadmin Improper Input Validation vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.0
2016-12-11 CVE-2016-9858 Phpmyadmin Improper Input Validation vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.0
2016-12-11 CVE-2016-9855 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.0
2016-12-11 CVE-2016-9854 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.0
2016-12-11 CVE-2016-9853 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.0
2016-12-11 CVE-2016-9852 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.0
2016-12-11 CVE-2016-9851 Phpmyadmin 7PK - Security Features vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.0
2016-12-11 CVE-2016-9850 Phpmyadmin 7PK - Security Features vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.0
2016-12-11 CVE-2016-9848 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.0
2016-12-11 CVE-2016-9847 Phpmyadmin Cryptographic Issues vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.0
2016-12-11 CVE-2016-6627 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

5.0
2016-12-11 CVE-2016-6606 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

An issue was discovered in cookie encryption in phpMyAdmin.

5.0
2016-12-09 CVE-2016-6321 GNU Path Traversal vulnerability in GNU TAR

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

5.0
2016-12-08 CVE-2016-9918 Bluez Project Out-Of-Bounds Read vulnerability in Bluez Project Bluez 5.42

In BlueZ 5.42, an out-of-bounds read was identified in the "packet_hexdump" function in the "monitor/packet.c" source file.

5.0
2016-12-08 CVE-2016-9917 Bluez Buffer Errors vulnerability in Bluez 5.42

In BlueZ 5.42, a buffer overflow was observed in the "read_n" function in the "tools/hcidump.c" source file.

5.0
2016-12-08 CVE-2016-9839 UMN Information Exposure vulnerability in UMN Mapserver

In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if a data connection fails.

5.0
2016-12-05 CVE-2016-8740 Apache Improper Input Validation vulnerability in Apache Http Server

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.

5.0
2016-12-10 CVE-2016-4964 Qemu Unspecified vulnerability in Qemu

The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state.

4.9
2016-12-09 CVE-2016-5424 Debian
Postgresql
Code Injection vulnerability in multiple products

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.

4.6
2016-12-11 CVE-2016-9860 Phpmyadmin Improper Input Validation vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

4.3
2016-12-11 CVE-2016-9857 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

4.3
2016-12-11 CVE-2016-9856 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10.

4.3
2016-12-11 CVE-2016-6632 Phpmyadmin Resource Management Errors vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files.

4.3
2016-12-11 CVE-2016-6624 Phpmyadmin 7PK - Security Features vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules.

4.3
2016-12-11 CVE-2016-6622 Phpmyadmin Resource Management Errors vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

4.3
2016-12-11 CVE-2016-6615 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

XSS issues were discovered in phpMyAdmin.

4.3
2016-12-11 CVE-2016-6614 Phpmyadmin Path Traversal vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features.

4.3
2016-12-11 CVE-2016-6608 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

XSS issues were discovered in phpMyAdmin.

4.3
2016-12-11 CVE-2016-6607 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

XSS issues were discovered in phpMyAdmin.

4.3
2016-12-09 CVE-2016-6523 Dotclear Cross-Site Scripting vulnerability in Dotclear

Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php.

4.3
2016-12-08 CVE-2016-9888 Gnome Null Pointer Dereference vulnerability in Gnome Libgsf

An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.

4.3
2016-12-05 CVE-2016-9152 Spip Cross-Site Scripting vulnerability in Spip 3.1.3

Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter.

4.3
2016-12-11 CVE-2016-6630 Phpmyadmin Improper Input Validation vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

4.0
2016-12-11 CVE-2016-6625 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

4.0
2016-12-11 CVE-2016-6623 Phpmyadmin Improper Input Validation vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

4.0
2016-12-11 CVE-2016-6618 Phpmyadmin Denial of Service vulnerability in phpMyAdmin

An issue was discovered in phpMyAdmin.

4.0
2016-12-11 CVE-2016-6612 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

4.0
2016-12-11 CVE-2016-6610 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk.

4.0

25 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-11 CVE-2016-4412 Phpmyadmin 7PK - Security Features vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

3.6
2016-12-11 CVE-2016-6613 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

An issue was discovered in phpMyAdmin.

2.1
2016-12-10 CVE-2016-7995 Qemu
Opensuse
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.

2.1
2016-12-10 CVE-2016-7994 Qemu
Opensuse
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands.

2.1
2016-12-10 CVE-2016-7422 Qemu
Opensuse
Redhat
Classic Buffer Overflow vulnerability in multiple products

The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.

2.1
2016-12-10 CVE-2016-7421 Qemu
Debian
Excessive Iteration vulnerability in multiple products

The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size.

2.1
2016-12-10 CVE-2016-7170 Qemu
Debian
Opensuse
Improper Validation of Array Index vulnerability in multiple products

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.

2.1
2016-12-10 CVE-2016-7157 Qemu Unspecified vulnerability in Qemu

The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK.

2.1
2016-12-10 CVE-2016-7156 Qemu
Debian
Incorrect Type Conversion or Cast vulnerability in multiple products

The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast.

2.1
2016-12-10 CVE-2016-7155 Qemu
Debian

hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings.

2.1
2016-12-10 CVE-2016-7116 Qemu
Debian
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a ..

2.1
2016-12-10 CVE-2016-6888 Qemu
Debian
Redhat
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.

2.1
2016-12-10 CVE-2016-6836 Qemu
Debian
Improper Initialization vulnerability in multiple products

The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.

2.1
2016-12-10 CVE-2016-6835 Qemu
Redhat
Debian

The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.

2.1
2016-12-10 CVE-2016-6834 Qemu
Debian
Classic Buffer Overflow vulnerability in multiple products

The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.

2.1
2016-12-10 CVE-2016-6833 Qemu
Debian
Use After Free vulnerability in multiple products

Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.

2.1
2016-12-10 CVE-2016-6490 Qemu Classic Buffer Overflow vulnerability in Qemu

The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.

2.1
2016-12-09 CVE-2016-9106 Qemu
Opensuse
Debian
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.

2.1
2016-12-09 CVE-2016-9105 Qemu
Opensuse
Debian
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.

2.1
2016-12-09 CVE-2016-9104 Qemu
Debian
Opensuse
Integer Overflow or Wraparound vulnerability in multiple products

Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.

2.1
2016-12-09 CVE-2016-9103 Qemu
Debian
Information Exposure vulnerability in multiple products

The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.

2.1
2016-12-09 CVE-2016-9102 Qemu
Debian
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.

2.1
2016-12-09 CVE-2016-9101 Qemu
Opensuse
Debian
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.

2.1
2016-12-08 CVE-2016-8104 Intel Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Intel Proset/Wireless Software and Drivers

Buffer overflow in Intel PROSet/Wireless Software and Drivers in versions before 19.20.3 allows a local user to crash iframewrk.exe causing a potential denial of service.

2.1
2016-12-10 CVE-2016-7466 Qemu
Opensuse
Redhat
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.

1.9