Weekly Vulnerabilities Reports > December 19 to 25, 2016

Overview

90 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 19 high severity vulnerabilities. This weekly summary reports vulnerabilities in 80 products from 32 vendors including Microsoft, Ffmpeg, Qemu, KDE, and Redhat. Notable vulnerability categories include "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Out-of-bounds Read", "Cross-site Scripting", and "Improper Input Validation".

  • 73 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities have a public exploit available.
  • 19 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 86 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 41 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 8 reported vulnerabilities.


Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-20 CVE-2016-7298 Microsoft Buffer Errors vulnerability in Microsoft Office and Word Viewer

Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-12-20 CVE-2016-7289 Microsoft Buffer Errors vulnerability in Microsoft Publisher 2010

Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-12-20 CVE-2016-7283 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2016-12-20 CVE-2016-7277 Microsoft Buffer Errors vulnerability in Microsoft Office 2016

Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2016-12-20 CVE-2016-7274 Microsoft Data Processing Errors vulnerability in Microsoft products

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."

9.3
2016-12-20 CVE-2016-7273 Microsoft Data Processing Errors vulnerability in Microsoft Windows 10 and Windows Server 2016

The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability."

9.3
2016-12-20 CVE-2016-7272 Microsoft Data Processing Errors vulnerability in Microsoft products

The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability."

9.3
2016-12-20 CVE-2016-7263 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Excel for Mac 2011/2016

Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3

19 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-23 CVE-2016-9037 Tarantool Out-Of-Bounds Read vulnerability in Tarantool 1.7.2

An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715.

7.8
2016-12-20 CVE-2016-7297 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7296.

7.6
2016-12-20 CVE-2016-7296 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7297.

7.6
2016-12-20 CVE-2016-7288 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297.

7.6
2016-12-20 CVE-2016-7287 Microsoft Buffer Errors vulnerability in Microsoft Edge and Internet Explorer

The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

7.6
2016-12-20 CVE-2016-7286 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7288, CVE-2016-7296, and CVE-2016-7297.

7.6
2016-12-20 CVE-2016-7279 Microsoft Buffer Errors vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

7.6
2016-12-20 CVE-2016-7181 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."

7.6
2016-12-24 CVE-2016-10039 Modx Path Traversal vulnerability in Modx Revolution

Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles.

7.5
2016-12-24 CVE-2016-10038 Modx Path Traversal vulnerability in Modx Revolution

Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.

7.5
2016-12-24 CVE-2016-10037 Modx Path Traversal vulnerability in Modx Revolution

Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.

7.5
2016-12-23 CVE-2016-7968 KDE Code Injection vulnerability in KDE Kmail 4.4.0/5.2.3/5.3.0

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled.

7.5
2016-12-23 CVE-2016-7966 KDE, Debian, Fedoraproject, Suse Code Injection vulnerability in multiple products

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer.

7.5
2016-12-22 CVE-2016-7954 Bundler Code Injection vulnerability in Bundler

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source.

7.5
2016-12-19 CVE-2016-2355 Dotcms SQL Injection vulnerability in Dotcms

SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1.

7.5
2016-12-20 CVE-2016-7292 Microsoft Data Processing Errors vulnerability in Microsoft products

The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Installer Elevation of Privilege Vulnerability."

7.2
2016-12-20 CVE-2016-7275 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Office 2010/2013/2016

Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."

7.2
2016-12-20 CVE-2016-7260 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

7.2
2016-12-20 CVE-2016-7259 Microsoft Data Processing Errors vulnerability in Microsoft products

The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

7.2

52 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-23 CVE-2016-8707 Imagemagick Out-Of-Bounds Write vulnerability in Imagemagick 7.0.31

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility.

6.8
2016-12-23 CVE-2016-7502 Ffmpeg Out-Of-Bounds Read vulnerability in Ffmpeg

The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.

6.8
2016-12-23 CVE-2016-7450 Ffmpeg Out-Of-Bounds Read vulnerability in Ffmpeg

The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.

6.8
2016-12-23 CVE-2016-6671 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.

6.8
2016-12-22 CVE-2016-9675 Openjpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openjpeg

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045.

6.8
2016-12-21 CVE-2016-5851 Python Openxml XXE vulnerability in Python-Openxml Python-Docx

python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document.

6.8
2016-12-20 CVE-2016-7266 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability."

6.8
2016-12-20 CVE-2016-7262 Microsoft Improper Input Validation vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."

6.8
2016-12-22 CVE-2016-9180 Xmltwig XXE vulnerability in Xmltwig Xml-Twig for Perl

perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work.

6.4
2016-12-23 CVE-2016-7967 KDE Improper Access Control vulnerability in KDE Kmail 4.4.0/5.2.3/5.3.0

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled.

5.8
2016-12-22 CVE-2016-9181 Image Info Project XXE vulnerability in Image-Info Project Image-Info for Perl 1.16/1.30

perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled.

5.8
2016-12-20 CVE-2016-7291 Microsoft Out-Of-Bounds Read vulnerability in Microsoft products

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290.

5.8
2016-12-20 CVE-2016-7290 Microsoft Out-Of-Bounds Read vulnerability in Microsoft products

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291.

5.8
2016-12-20 CVE-2016-7276 Microsoft Out-Of-Bounds Read vulnerability in Microsoft Office and Office for Mac

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."

5.8
2016-12-20 CVE-2016-7268 Microsoft Out-Of-Bounds Read vulnerability in Microsoft products

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."

5.8
2016-12-20 CVE-2016-7265 Microsoft Out-Of-Bounds Read vulnerability in Microsoft products

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."

5.8
2016-12-20 CVE-2016-7264 Microsoft Out-Of-Bounds Read vulnerability in Microsoft products

Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."

5.8
2016-12-23 CVE-2016-9036 Tarantool Out-Of-Bounds Read vulnerability in Tarantool Msgpuck 1.0.3

An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3.

5.0
2016-12-23 CVE-2016-9154 Siemens Insufficient Entropy in PRNG vulnerability in Siemens products

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key.

5.0
2016-12-22 CVE-2016-9179 Lynx Improper Input Validation vulnerability in Lynx

lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.

5.0
2016-12-21 CVE-2016-7172 Netapp Information Exposure vulnerability in Netapp Snap Creator Framework

NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user.

5.0
2016-12-21 CVE-2016-2349 BMC Weak Password Recovery Mechanism for Forgotten Password vulnerability in BMC Remedy Action Request System 8.1/9.0/9.1

Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password.

5.0
2016-12-20 CVE-2016-7270 Microsoft Cryptographic Issues vulnerability in Microsoft .Net Framework 4.6.2

The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability."

5.0
2016-12-19 CVE-2016-10005 SAP Information Exposure vulnerability in SAP Solution Manager 7.1/7.20/7.31

Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524.

5.0
2016-12-23 CVE-2016-9912 Qemu Missing Release of Resource After Effective Lifetime vulnerability in Qemu

Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue.

4.9
2016-12-23 CVE-2016-9911 Qemu, Debian, Redhat Missing Release of Resource After Effective Lifetime vulnerability in multiple products

Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue.

4.9
2016-12-23 CVE-2016-9907 Qemu, Debian, Redhat Missing Release of Resource After Effective Lifetime vulnerability in multiple products

Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw.

4.9
2016-12-22 CVE-2016-7091 Redhat Information Exposure vulnerability in Redhat products

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure.

4.9
2016-12-25 CVE-2016-10041 Sprecher Automation Permissions, Privileges, and Access Controls vulnerability in Sprecher-Automation Sprecon-E Service Program 3.42

An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0.

4.6
2016-12-23 CVE-2016-2312 KDE, Fedoraproject, Opensuse 7PK - Security Features vulnerability in multiple products

Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.

4.6
2016-12-20 CVE-2016-7300 Microsoft Untrusted Search Path vulnerability in Microsoft Auto Updater for Mac

Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability."

4.6
2016-12-20 CVE-2016-7271 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 10 and Windows Server 2016

The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a crafted application, aka "Secure Kernel Mode Elevation of Privilege Vulnerability."

4.6
2016-12-24 CVE-2016-10006 Antisamy Project Cross-Site Scripting vulnerability in Antisamy Project Antisamy

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code.

4.3
2016-12-23 CVE-2016-6910 Google Information Exposure vulnerability in Google Android 5.0.2/5.1.1/6.0.1

The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build.

4.3
2016-12-23 CVE-2016-9889 Tiki Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware

Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php.

4.3
2016-12-23 CVE-2016-9561 Ffmpeg Resource Management Errors vulnerability in Ffmpeg

The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.

4.3
2016-12-23 CVE-2016-8595 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

4.3
2016-12-23 CVE-2016-7905 Ffmpeg Null Pointer Dereference vulnerability in Ffmpeg

The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.

4.3
2016-12-23 CVE-2016-7785 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

4.3
2016-12-23 CVE-2016-7562 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.

4.3
2016-12-23 CVE-2016-7555 Ffmpeg Information Exposure vulnerability in Ffmpeg

The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.

4.3
2016-12-23 CVE-2016-7122 Ffmpeg Resource Management Errors vulnerability in Ffmpeg

The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.

4.3
2016-12-23 CVE-2016-6881 Ffmpeg Resource Management Errors vulnerability in Ffmpeg

The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.

4.3
2016-12-20 CVE-2016-5303 Horde Cross-Site Scripting vulnerability in Horde Groupware 5.2.15

Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.

4.3
2016-12-20 CVE-2016-4552 Roundcube Cross-Site Scripting vulnerability in Roundcube Webmail 1.2

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.

4.3
2016-12-20 CVE-2016-7284 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."

4.3
2016-12-20 CVE-2016-7282 Microsoft Cross-Site Scripting vulnerability in Microsoft Edge and Internet Explorer

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."

4.3
2016-12-20 CVE-2016-7280 Microsoft Cross-Site Scripting vulnerability in Microsoft Edge

Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7206.

4.3
2016-12-20 CVE-2016-7267 Microsoft Improper Input Validation vulnerability in Microsoft Excel 2010/2013/2016

Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."

4.3
2016-12-20 CVE-2016-7257 Microsoft Information Exposure vulnerability in Microsoft products

The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."

4.3
2016-12-20 CVE-2016-7206 Microsoft Cross-Site Scripting vulnerability in Microsoft Edge

Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280.

4.3
2016-12-23 CVE-2016-7787 KDE, Opensuse Code Injection vulnerability in multiple products

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-25 CVE-2016-9681 S9Y Cross-Site Scripting vulnerability in S9Y Serendipity

Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.

3.5
2016-12-20 CVE-2016-9757 Rapid7 Cross-Site Scripting vulnerability in Rapid7 Nexpose 6.4.12

In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field.

3.5
2016-12-23 CVE-2016-6659 Pivotal Software Improper Authentication vulnerability in Pivotal Software products

Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider.

2.6
2016-12-20 CVE-2016-7281 Microsoft 7PK - Security Features vulnerability in Microsoft Edge and Internet Explorer

The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."

2.6
2016-12-20 CVE-2016-7278 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosure Vulnerability."

2.6
2016-12-23 CVE-2016-9923 Qemu Use After Free vulnerability in Qemu

Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue.

2.1
2016-12-23 CVE-2016-9921 Qemu, Debian, Redhat Divide by Zero vulnerability in multiple products

Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue.

2.1
2016-12-23 CVE-2016-9908 Qemu Information Exposure vulnerability in Qemu

Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue.

2.1
2016-12-20 CVE-2016-7295 Microsoft Information Exposure vulnerability in Microsoft products

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information from process memory via a crafted application, aka "Windows Common Log File System Driver Information Disclosure Vulnerability."

2.1
2016-12-20 CVE-2016-7258 Microsoft Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016

The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information Disclosure Vulnerability."

2.1
2016-12-20 CVE-2016-7219 Microsoft Information Exposure vulnerability in Microsoft products

The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Crypto Driver Information Disclosure Vulnerability."

2.1