Weekly Vulnerabilities Reports > December 12 to 18, 2016

Overview

223 new vulnerabilities reported during this period, including 28 critical vulnerabilities and 45 high severity vulnerabilities. This weekly summary report vulnerabilities in 155 products from 47 vendors including Google, Microsoft, W3M Project, Adobe, and Cisco. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "NULL Pointer Dereference", and "Information Exposure".

  • 186 reported vulnerabilities are remotely exploitables.
  • 15 reported vulnerabilities have public exploit available.
  • 49 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 213 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 36 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 19 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

28 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-16 CVE-2016-9967 Samsung 7PK - Errors vulnerability in Samsung Mobile

Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges.

10.0
2016-12-16 CVE-2016-9966 Samsung 7PK - Errors vulnerability in Samsung Mobile

Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges.

10.0
2016-12-16 CVE-2016-9965 Samsung 7PK - Errors vulnerability in Samsung Mobile

Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges.

10.0
2016-12-15 CVE-2016-7892 Adobe
Linux
Apple
Microsoft
Google
USE After Free vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class.

10.0
2016-12-15 CVE-2016-7886 Adobe
Apple
Microsoft
Buffer Errors vulnerability in Adobe Indesign and Indesign Server

Adobe InDesign version 11.4.1 and earlier, Adobe InDesign Server 11.0.0 and earlier have an exploitable memory corruption vulnerability.

10.0
2016-12-15 CVE-2016-7881 Adobe
Apple
Microsoft
Google
Linux
USE After Free vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object.

10.0
2016-12-15 CVE-2016-7880 Adobe
Microsoft
Linux
Apple
Google
USE After Free vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object.

10.0
2016-12-15 CVE-2016-7879 Adobe
Apple
Google
Linux
Microsoft
USE After Free vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object.

10.0
2016-12-15 CVE-2016-7878 Adobe
Linux
Apple
Google
Microsoft
USE After Free vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class.

10.0
2016-12-15 CVE-2016-7877 Adobe
Linux
Apple
Google
Microsoft
USE After Free vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0).

10.0
2016-12-15 CVE-2016-7876 Adobe
Apple
Google
Linux
Microsoft
Buffer Errors vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality.

10.0
2016-12-15 CVE-2016-7875 Adobe
Apple
Google
Linux
Microsoft
Integer Overflow OR Wraparound vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class.

10.0
2016-12-15 CVE-2016-7874 Adobe
Apple
Microsoft
Google
Linux
Buffer Errors vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types.

10.0
2016-12-15 CVE-2016-7873 Adobe
Apple
Microsoft
Google
Linux
Buffer Errors vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the PSDK class related to ad policy functionality method.

10.0
2016-12-15 CVE-2016-7872 Adobe
Apple
Google
Linux
Microsoft
USE After Free vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels.

10.0
2016-12-15 CVE-2016-7871 Adobe
Apple
Google
Linux
Microsoft
Buffer Errors vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class.

10.0
2016-12-15 CVE-2016-7870 Adobe
Linux
Apple
Google
Microsoft
Buffer Errors vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies.

10.0
2016-12-15 CVE-2016-7869 Adobe
Apple
Microsoft
Google
Linux
Buffer Errors vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality.

10.0
2016-12-15 CVE-2016-7868 Adobe
Apple
Microsoft
Google
Linux
Buffer Errors vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality.

10.0
2016-12-15 CVE-2016-7867 Adobe
Apple
Microsoft
Google
Linux
Buffer Errors vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches.

10.0
2016-12-15 CVE-2016-7866 Adobe Buffer Errors vulnerability in Adobe Animate 15.2.1.95

Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability.

10.0
2016-12-15 CVE-2016-7856 Adobe Buffer Errors vulnerability in Adobe DNG Converter 9.7

Adobe DNG Converter versions 9.7 and earlier have an exploitable memory corruption vulnerability.

10.0
2016-12-17 CVE-2016-9950 Apport Project
Canonical
Path Traversal vulnerability in multiple products

An issue was discovered in Apport before 2.20.4.

9.3
2016-12-17 CVE-2016-9949 Apport Project
Canonical
Code Injection vulnerability in multiple products

An issue was discovered in Apport before 2.20.4.

9.3
2016-12-14 CVE-2016-6277 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

9.3
2016-12-13 CVE-2016-2334 7 ZIP
Fedoraproject
Oracle
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.

9.3
2016-12-13 CVE-2016-6706 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process.

9.3
2016-12-13 CVE-2016-6699 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

9.3

45 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-16 CVE-2016-3129 Blackberry Arbitrary Command Execution vulnerability in BlackBerry Good Enterprise Mobility Server

A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell.

8.5
2016-12-17 CVE-2016-7454 Technicolor Cross-Site Request Forgery (CSRF) vulnerability in Technicolor Xfinity Gateway Router Dpc3941T Firmware Dpc3941P2018V303R20421733160413Acmcst

CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router.

7.9
2016-12-17 CVE-2016-9158 Siemens Improper Input Validation vulnerability in Siemens products

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl.

7.8
2016-12-15 CVE-2015-6574 Sisco Resource Management Errors vulnerability in Sisco Ax-S4 Iccp Firmware and Mms-Ease Firmware

The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP products allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.

7.8
2016-12-15 CVE-2016-9565 Nagios Improper Access Control vulnerability in Nagios

MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server.

7.5
2016-12-15 CVE-2016-7890 Adobe
Apple
Google
Linux
Microsoft
7PK - Security Features vulnerability in Adobe Flash Player and Flash Player for Linux

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have security bypass vulnerability in the implementation of the same origin policy.

7.5
2016-12-14 CVE-2014-8241 Tigervnc
Redhat
Null Pointer Dereference vulnerability in multiple products

XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.

7.5
2016-12-14 CVE-2016-1000156 Mailcwp Project Command Injection vulnerability in Mailcwp Project Mailcwp

Mailcwp remote file upload vulnerability incomplete fix v1.100

7.5
2016-12-13 CVE-2016-7953 Fedoraproject
X ORG
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.

7.5
2016-12-13 CVE-2016-7951 Fedoraproject
X
Out-Of-Bounds Read vulnerability in multiple products

Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.

7.5
2016-12-13 CVE-2016-7950 X ORG
Fedoraproject
Out-Of-Bounds Write vulnerability in multiple products

The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.

7.5
2016-12-13 CVE-2016-7949 X ORG
Fedoraproject
Improper Input Validation vulnerability in multiple products

Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.

7.5
2016-12-13 CVE-2016-7948 X ORG
Fedoraproject
Out-Of-Bounds Write vulnerability in multiple products

X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.

7.5
2016-12-13 CVE-2016-7947 Fedoraproject
X ORG
Integer Overflow OR Wraparound vulnerability in multiple products

Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.

7.5
2016-12-13 CVE-2016-7944 X ORG
Fedoraproject
Permissions, Privileges, and Access Controls vulnerability in multiple products

Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.

7.5
2016-12-13 CVE-2016-7943 Fedoraproject
X ORG
Out-Of-Bounds Write vulnerability in multiple products

The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.

7.5
2016-12-13 CVE-2016-7942 Fedoraproject
X ORG
Permissions, Privileges, and Access Controls vulnerability in multiple products

The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.

7.5
2016-12-13 CVE-2016-5407 X ORG
Fedoraproject
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.

7.5
2016-12-13 CVE-2016-4322 BMC Improper Authentication vulnerability in BMC Bladelogic Server Automation Console 8.7.00

BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process.

7.5
2016-12-13 CVE-2015-3210 Pcre Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre and Pcre2

Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.

7.5
2016-12-13 CVE-2016-5841 Imagemagick
Oracle
Integer Overflow OR Wraparound vulnerability in Imagemagick

Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.

7.5
2016-12-13 CVE-2016-5691 Oracle
Imagemagick
Improper Input Validation vulnerability in multiple products

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.

7.5
2016-12-13 CVE-2016-5690 Oracle
Imagemagick
Null Pointer Dereference vulnerability in multiple products

The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.

7.5
2016-12-13 CVE-2016-5689 Oracle
Imagemagick
Null Pointer Dereference vulnerability in multiple products

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.

7.5
2016-12-13 CVE-2016-5687 Imagemagick
Oracle
Out-Of-Bounds Read vulnerability in Imagemagick

The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.

7.5
2016-12-12 CVE-2016-9427 Bdwgc Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bdwgc Project Bdwgc

Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.

7.5
2016-12-16 CVE-2016-8825 Nvidia
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nvidia GPU Driver

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.

7.2
2016-12-16 CVE-2016-8824 Nvidia
Microsoft
Improper Access Control vulnerability in Nvidia GPU Driver

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where improper access controls allow a regular user to write a part of the registry intended for privileged users only, leading to escalation of privileges.

7.2
2016-12-16 CVE-2016-8823 Nvidia
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nvidia GPU Driver

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where the size of an input buffer is not validated leading to a denial of service or possible escalation of privileges

7.2
2016-12-16 CVE-2016-8822 Nvidia
Microsoft
Improper Input Validation vulnerability in Nvidia GPU Driver

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000E, 0x600000F, and 0x6000010 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.

7.2
2016-12-16 CVE-2016-8821 Nvidia
Microsoft
Improper Access Control vulnerability in Nvidia GPU Driver

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges.

7.2
2016-12-16 CVE-2016-8819 Nvidia
Microsoft
Missing Release of File Descriptor OR Handle After Effective Lifetime vulnerability in Nvidia GPU Driver

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation of privileges.

7.2
2016-12-16 CVE-2016-8818 Nvidia
Microsoft
Improper Input Validation vulnerability in Nvidia GPU Driver

All versions of NVIDIA Windows GPU Display contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a pointer passed from a user to the driver is used without validation, leading to denial of service or potential escalation of privileges.

7.2
2016-12-16 CVE-2016-8817 Nvidia
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nvidia GPU Driver

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the size input to memcpy(), causing a buffer overflow, leading to denial of service or potential escalation of privileges.

7.2
2016-12-16 CVE-2016-8816 Nvidia
Microsoft
Improper Validation of Array Index vulnerability in Nvidia GPU Driver

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges.

7.2
2016-12-16 CVE-2016-8815 Nvidia
Microsoft
Improper Validation of Array Index vulnerability in Nvidia GPU Driver

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges.

7.2
2016-12-16 CVE-2016-8814 Nvidia
Microsoft
Null Pointer Dereference vulnerability in Nvidia GPU Driver

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges.

7.2
2016-12-16 CVE-2016-8813 Nvidia
Microsoft
Null Pointer Dereference vulnerability in Nvidia GPU Driver

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges.

7.2
2016-12-15 CVE-2016-9566 Nagios Permissions, Privileges, and Access Controls vulnerability in Nagios

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file.

7.2
2016-12-14 CVE-2016-8733 Joyent Integer Overflow OR Wraparound vulnerability in Joyent Smartos 20120614

An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system.

7.2
2016-12-14 CVE-2016-9215 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR 6.1.1

A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user.

7.2
2016-12-14 CVE-2016-9192 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account.

7.2
2016-12-14 CVE-2016-6470 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Hybrid Media Service 1.0Base

A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level.

7.2
2016-12-13 CVE-2016-6712 Google Improper Input Validation vulnerability in Google Android

A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot.

7.1
2016-12-13 CVE-2016-6711 Google Improper Input Validation vulnerability in Google Android

A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot.

7.1

140 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-14 CVE-2016-9035 Joyent Buffer Errors vulnerability in Joyent Smartos 20161110T013148Z

An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system.

6.9
2016-12-14 CVE-2016-9034 Joyent Buffer Errors vulnerability in Joyent Smartos 20120614

An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system.

6.9
2016-12-14 CVE-2016-9033 Joyent Buffer Errors vulnerability in Joyent Smartos 20161110T013148Z

An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system.

6.9
2016-12-14 CVE-2016-9032 Joyent Buffer Errors vulnerability in Joyent Smartos 20161110T013148Z

An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system.

6.9
2016-12-14 CVE-2016-9031 Joyent Integer Overflow OR Wraparound vulnerability in Joyent Smartos 20161110T013148Z

An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system.

6.9
2016-12-13 CVE-2016-6664 Oracle
Mariadb
Percona
Link Following vulnerability in multiple products

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.

6.9
2016-12-18 CVE-2016-5190 Google USE After Free vulnerability in Google Chrome

Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.

6.8
2016-12-18 CVE-2016-5186 Google Out-Of-Bounds Read vulnerability in Google Chrome

Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.

6.8
2016-12-18 CVE-2016-5185 Google USE After Free vulnerability in Google Chrome

Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.

6.8
2016-12-18 CVE-2016-5184 Google USE After Free vulnerability in Google Chrome

PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.

6.8
2016-12-18 CVE-2016-5183 Google USE After Free vulnerability in Google Chrome

A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.

6.8
2016-12-18 CVE-2016-5182 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.

6.8
2016-12-15 CVE-2016-7885 Adobe Cross-Site Request Forgery (CSRF) vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks.

6.8
2016-12-14 CVE-2016-9199 Cisco Path Traversal vulnerability in Cisco IOX 1.1.0

A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system.

6.8
2016-12-14 CVE-2016-6468 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Emergency Responder 11.5(1.10000.4)

A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

6.8
2016-12-13 CVE-2016-6491 Imagemagick
Oracle
Out-Of-Bounds Read vulnerability in Imagemagick

Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.

6.8
2016-12-13 CVE-2016-5688 Oracle
Imagemagick
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.

6.8
2016-12-12 CVE-2016-9429 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

6.8
2016-12-12 CVE-2016-9428 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

6.8
2016-12-12 CVE-2016-9426 W3M Project Integer Overflow OR Wraparound vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

6.8
2016-12-12 CVE-2016-9425 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

6.8
2016-12-12 CVE-2016-9424 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

6.8
2016-12-12 CVE-2016-9423 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

6.8
2016-12-12 CVE-2016-9422 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

6.8
2016-12-16 CVE-2016-6656 Pivotal Software Command Injection vulnerability in Pivotal Software Greenplum

An issue was discovered in Pivotal Greenplum before 4.3.10.0.

6.5
2016-12-14 CVE-2016-9207 Cisco Improper Input Validation vulnerability in Cisco Expressway X8.7.2/X8.8.3

A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts.

6.4
2016-12-14 CVE-2016-9204 Cisco Credentials Management vulnerability in Cisco Nexus 1000V Intercloud Firmware 2.2(1)

A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account.

6.4
2016-12-13 CVE-2015-5073 IBM
Pcre
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.

6.4
2016-12-13 CVE-2016-6520 Imagemagick Out-Of-Bounds Read vulnerability in Imagemagick

Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.

6.4
2016-12-14 CVE-2016-6473 Cisco Injection vulnerability in Cisco IOS

A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm.

6.1
2016-12-17 CVE-2016-9160 Siemens 7PK - Security Features vulnerability in Siemens Simatic PCS 7 and Simatic Wincc

A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.

5.8
2016-12-16 CVE-2016-6657 Pivotal Software Open Redirect vulnerability in Pivotal Software products

An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components.

5.8
2016-12-14 CVE-2016-6474 Cisco Improper Authentication vulnerability in Cisco IOS 15.5(2.25)T

A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system.

5.8
2016-12-16 CVE-2016-8820 Nvidia
Microsoft
Improper Input Validation vulnerability in Nvidia GPU Driver

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure.

5.6
2016-12-16 CVE-2016-8827 Nvidia Path Traversal vulnerability in Nvidia Geforce Experience

NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.

5.0
2016-12-16 CVE-2016-9838 Joomla Improper Access Control vulnerability in Joomla Joomla!

An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5.

5.0
2016-12-16 CVE-2016-9837 Joomla Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla!

An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5.

5.0
2016-12-16 CVE-2013-1430 Xrdp
Debian
Credentials Management vulnerability in multiple products

An issue was discovered in xrdp before 0.9.1.

5.0
2016-12-15 CVE-2015-3271 Apache Information Exposure vulnerability in Apache Tika 1.9

Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header.

5.0
2016-12-15 CVE-2016-7889 Adobe Information Exposure vulnerability in Adobe Digital Editions

Adobe Digital Editions versions 4.5.2 and earlier has an issue with parsing crafted XML entries that could lead to information disclosure.

5.0
2016-12-15 CVE-2016-7888 Adobe Information Exposure vulnerability in Adobe Digital Editions

Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak.

5.0
2016-12-15 CVE-2016-7887 Adobe
Apple
Linux
Microsoft
Information Exposure vulnerability in Adobe Coldfusion Builder

Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure.

5.0
2016-12-15 CVE-2016-4046 Open Xchange Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11.

5.0
2016-12-14 CVE-2016-9212 Cisco Improper Input Validation vulnerability in Cisco web Security Appliance 9.0.1162/9.1.1074

A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website.

5.0
2016-12-14 CVE-2016-9211 Cisco Improper Input Validation vulnerability in Cisco ONS 15454 SDH Multiservice Platform Software 10.51.0

A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload.

5.0
2016-12-14 CVE-2016-9210 Cisco Path Traversal vulnerability in Cisco Unified Communications Manager 11.5(1.11007.2)

A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system.

5.0
2016-12-14 CVE-2016-9205 Cisco Resource Management Errors vulnerability in Cisco IOS XR 6.1.1

A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition.

5.0
2016-12-14 CVE-2016-9203 Cisco Buffer Errors vulnerability in Cisco ASR 5000 Series Software 20.0.2.3.65026

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process.

5.0
2016-12-14 CVE-2016-9201 Cisco Improper Input Validation vulnerability in Cisco IOS 15.3(3)M3

A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration.

5.0
2016-12-14 CVE-2016-9198 Cisco Resource Management Errors vulnerability in Cisco Identity Services Engine 1.2(1.199)

A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack.

5.0
2016-12-14 CVE-2016-9193 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.

5.0
2016-12-14 CVE-2016-6469 Cisco Resource Management Errors vulnerability in Cisco web Security Appliance 9.0.1162/9.1.1074

A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting.

5.0
2016-12-14 CVE-2016-6467 Cisco Resource Management Errors vulnerability in Cisco ASR 5000 Series Software 20.0.0/21.0.0/21.0.M0.64702

A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process.

5.0
2016-12-14 CVE-2016-6464 Cisco Information Exposure vulnerability in Cisco Unified Communications Manager IM and Presence Service

A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted.

5.0
2016-12-13 CVE-2016-7952 Fedoraproject
X ORG
Improper Input Validation vulnerability in multiple products

X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.

5.0
2016-12-13 CVE-2016-7946 X ORG
Fedoraproject
Improper Access Control vulnerability in multiple products

X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.

5.0
2016-12-13 CVE-2016-7945 Fedoraproject
X ORG
Out-Of-Bounds Read vulnerability in multiple products

Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.

5.0
2016-12-13 CVE-2016-6313 Gnupg
Debian
Canonical
Information Exposure vulnerability in multiple products

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

5.0
2016-12-13 CVE-2015-3418 X ORG Divide BY Zero vulnerability in X.Org Xorg-Server

The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.

5.0
2016-12-13 CVE-2015-3217 Pcre
IBM
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.

5.0
2016-12-13 CVE-2016-5842 Imagemagick
Oracle
Out-Of-Bounds Read vulnerability in Imagemagick

MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.

5.0
2016-12-12 CVE-2016-9938 Digium Improper Authorization vulnerability in Digium Asterisk and Certified Asterisk

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4.

5.0
2016-12-12 CVE-2016-9937 Digium Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Digium Asterisk

An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1.

5.0
2016-12-16 CVE-2016-8826 Nvidia
Linux
Microsoft
Resource Management Errors vulnerability in Nvidia GPU Driver

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a denial of service.

4.9
2016-12-14 CVE-2016-6449 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Fireamp Connector Endpoint Software 4.4.0/4.4.2.10200

A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password.

4.6
2016-12-13 CVE-2016-5647 Intel Permissions, Privileges, and Access Controls vulnerability in Intel Graphics Driver

The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, 15.36.x through 15.36.30.4385, and 15.40.x through 15.40.4404 on Windows allows local users to cause a denial of service (crash) or gain privileges via a crafted D3DKMTEscape request.

4.6
2016-12-13 CVE-2016-6663 Oracle
Percona
Mariadb
Race Condition vulnerability in multiple products

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.

4.4
2016-12-18 CVE-2016-5193 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.

4.3
2016-12-18 CVE-2016-5192 Google Improper Access Control vulnerability in Google Chrome

Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.

4.3
2016-12-18 CVE-2016-5191 Google Cross-Site Scripting vulnerability in Google Chrome

Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL.

4.3
2016-12-18 CVE-2016-5189 Google Improper Access Control vulnerability in Google Chrome

Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.

4.3
2016-12-18 CVE-2016-5188 Google Improper Input Validation vulnerability in Google Chrome

Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.

4.3
2016-12-18 CVE-2016-5187 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.

4.3
2016-12-18 CVE-2016-5181 Google Cross-Site Scripting vulnerability in Google Chrome

Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages.

4.3
2016-12-17 CVE-2016-9998 Spip Cross-Site Scripting vulnerability in Spip

SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.

4.3
2016-12-17 CVE-2016-9997 Spip Cross-Site Scripting vulnerability in Spip

SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.

4.3
2016-12-17 CVE-2016-9951 Apport Project Improper Access Control vulnerability in Apport Project Apport

An issue was discovered in Apport before 2.20.4.

4.3
2016-12-17 CVE-2016-9159 Siemens Information Exposure vulnerability in Siemens products

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl.

4.3
2016-12-16 CVE-2016-9964 Bottlepy
Debian
Crlf Injection vulnerability in multiple products

redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.

4.3
2016-12-15 CVE-2016-7891 Adobe
Microsoft
Cross-Site Scripting vulnerability in Adobe Robohelp

Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier have an input validation issue that could be used in cross-site scripting attacks.

4.3
2016-12-15 CVE-2016-7884 Adobe Cross-Site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks.

4.3
2016-12-15 CVE-2016-7883 Adobe Cross-Site Scripting vulnerability in Adobe Experience Manager 6.2.0

Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks.

4.3
2016-12-15 CVE-2016-7882 Adobe Cross-Site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks.

4.3
2016-12-15 CVE-2016-6934 Adobe Cross-Site Scripting vulnerability in Adobe Experience Manager Forms and Livecycle

Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks.

4.3
2016-12-15 CVE-2016-6933 Adobe Cross-Site Scripting vulnerability in Adobe Experience Manager and Livecycle

Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks.

4.3
2016-12-15 CVE-2016-6854 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange OX Guard

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5.

4.3
2016-12-15 CVE-2016-6853 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange OX Guard

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5.

4.3
2016-12-15 CVE-2016-6852 Open Xchange Information Exposure vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8.

4.3
2016-12-15 CVE-2016-6851 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange OX Guard

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5.

4.3
2016-12-15 CVE-2016-6850 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8.

4.3
2016-12-15 CVE-2016-6847 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8.

4.3
2016-12-15 CVE-2016-6845 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8.

4.3
2016-12-15 CVE-2016-6844 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8.

4.3
2016-12-15 CVE-2016-6843 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8.

4.3
2016-12-15 CVE-2016-6842 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8.

4.3
2016-12-15 CVE-2016-5740 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5.

4.3
2016-12-15 CVE-2016-5124 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14.

4.3
2016-12-15 CVE-2016-4048 Open Xchange Content Spoofing vulnerability in Open-Xchange AppSuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11.

4.3
2016-12-15 CVE-2016-4045 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11.

4.3
2016-12-15 CVE-2016-4026 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11.

4.3
2016-12-15 CVE-2016-3174 Open Xchange Open Redirect vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27.

4.3
2016-12-15 CVE-2016-2840 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26.

4.3
2016-12-14 CVE-2016-9214 Cisco Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software 2.0(1.130)

Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.

4.3
2016-12-14 CVE-2016-9209 Cisco 7PK - Security Features vulnerability in Cisco Firepower Services for Adaptive Security Appliance

A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked.

4.3
2016-12-14 CVE-2016-9206 Cisco Cross-Site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.10000.6)

A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.

4.3
2016-12-14 CVE-2016-9202 Cisco Cross-Site Scripting vulnerability in Cisco Email Security Appliance

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device.

4.3
2016-12-14 CVE-2016-9200 Cisco Cross-Site Scripting vulnerability in Cisco Prime Collaboration Assurance 10.5.1/10.6.0

A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface.

4.3
2016-12-14 CVE-2016-6465 Cisco Improper Input Validation vulnerability in Cisco Email Security Appliance

A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device.

4.3
2016-12-14 CVE-2016-1411 Cisco Cryptographic Issues vulnerability in Cisco products

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server.

4.3
2016-12-13 CVE-2016-5060 Naver Cross-Site Scripting vulnerability in Naver Ngrinder

Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.

4.3
2016-12-13 CVE-2016-6722 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels.

4.3
2016-12-13 CVE-2016-6720 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels.

4.3
2016-12-12 CVE-2016-9633 W3M Project Resource Management Errors vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.

4.3
2016-12-12 CVE-2016-9632 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.

4.3
2016-12-12 CVE-2016-9631 W3M Project Null Pointer Dereference vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.

4.3
2016-12-12 CVE-2016-9630 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.

4.3
2016-12-12 CVE-2016-9629 W3M Project Null Pointer Dereference vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.

4.3
2016-12-12 CVE-2016-9628 W3M Project Null Pointer Dereference vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.

4.3
2016-12-12 CVE-2016-9627 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.

4.3
2016-12-12 CVE-2016-9626 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.

4.3
2016-12-12 CVE-2016-9625 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.

4.3
2016-12-12 CVE-2016-9624 W3M Project Null Pointer Dereference vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.

4.3
2016-12-12 CVE-2016-9623 W3M Project Null Pointer Dereference vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.

4.3
2016-12-12 CVE-2016-9622 W3M Project Null Pointer Dereference vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.

4.3
2016-12-12 CVE-2016-9443 W3M Project Null Pointer Dereference vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

4.3
2016-12-12 CVE-2016-9442 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

4.3
2016-12-12 CVE-2016-9441 W3M Project Null Pointer Dereference vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

4.3
2016-12-12 CVE-2016-9440 W3M Project Null Pointer Dereference vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

4.3
2016-12-12 CVE-2016-9439 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

4.3
2016-12-12 CVE-2016-9438 W3M Project Null Pointer Dereference vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

4.3
2016-12-12 CVE-2016-9437 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

4.3
2016-12-12 CVE-2016-9434 W3M Project Null Pointer Dereference vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

4.3
2016-12-12 CVE-2016-9433 W3M Project Out-Of-Bounds Read vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

4.3
2016-12-12 CVE-2016-9432 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

4.3
2016-12-12 CVE-2016-9431 W3M Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

4.3
2016-12-12 CVE-2016-9430 W3M Project Null Pointer Dereference vulnerability in W3M Project W3M

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

4.3
2016-12-15 CVE-2016-4047 Open Xchange Information Exposure vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8.

4.0
2016-12-15 CVE-2015-8542 Open Xchange KEY Management Errors vulnerability in Open-Xchange OX Guard 2.0.0

An issue was discovered in Open-Xchange Guard before 2.2.0-rev8.

4.0
2016-12-14 CVE-2016-9208 Cisco Path Traversal vulnerability in Cisco Emergency Responder 11.5(2.10000.5)

A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device.

4.0
2016-12-14 CVE-2016-6471 Cisco Information Exposure vulnerability in Cisco Firesight System Software 5.4.1.6

A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password.

4.0

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-15 CVE-2016-4028 Open Xchange Credentials Management vulnerability in Open-Xchange OX Guard

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8.

3.5
2016-12-15 CVE-2016-4027 Open Xchange Information Exposure vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10.

3.5
2016-12-15 CVE-2016-3173 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27.

3.5
2016-12-14 CVE-2016-4443 Redhat Information Exposure Through LOG Files vulnerability in Redhat Enterprise Virtualization 3.6

Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.

2.1
2016-12-13 CVE-2016-7440 Mariadb
Oracle
Wolfssl
Cryptographic Issues vulnerability in multiple products

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

2.1
2016-12-13 CVE-2016-7439 Wolfssl Cryptographic Issues vulnerability in Wolfssl

The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.

2.1
2016-12-13 CVE-2016-7438 Wolfssl Cryptographic Issues vulnerability in Wolfssl

The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.

2.1
2016-12-15 CVE-2016-6848 Open Xchange 7PK - Security Features vulnerability in Open-Xchange Appsuite

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8.

1.9
2016-12-14 CVE-2016-3685 SAP
Apple
Microsoft
Credentials Management vulnerability in SAP Download Manager 1.1.3.0/2.1.142

SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338.

1.9
2016-12-14 CVE-2016-3684 SAP
Apple
Microsoft
Unspecified vulnerability in SAP Download Manager 1.1.3.0/2.1.142

SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338.

1.9