Weekly Vulnerabilities Reports > January 16 to 22, 2017

Overview

135 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 26 high severity vulnerabilities. This weekly summary report vulnerabilities in 69 products from 48 vendors including Google, Zimbra, Synacor, Moodle, and Libtiff. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Use After Free", and "Information Exposure".

  • 125 reported vulnerabilities are remotely exploitables.
  • 12 reported vulnerabilities have public exploit available.
  • 42 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 122 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 33 reported vulnerabilities.
  • Samsung has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-01-18 CVE-2016-6527 Samsung Permissions, Privileges, and Access Controls vulnerability in Samsung Mobile 5.0/5.1/6.0

The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.

9.3
2017-01-18 CVE-2016-6526 Samsung Permissions, Privileges, and Access Controls vulnerability in Samsung Mobile 5.0/5.1/6.0

The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.

9.3
2017-01-18 CVE-2014-9909 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

9.3

26 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-01-19 CVE-2016-7545 Selinux Project
Fedoraproject
Redhat
Improper Access Control vulnerability in multiple products

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

8.8
2017-01-19 CVE-2016-5213 Google Use After Free vulnerability in Google Chrome

A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2017-01-19 CVE-2016-5211 Google Use After Free vulnerability in Google Chrome

A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8
2017-01-19 CVE-2016-5210 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8
2017-01-19 CVE-2016-5209 Google Out-of-bounds Write vulnerability in Google Chrome

Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2017-01-19 CVE-2016-5206 Google Improper Access Control vulnerability in Google Chrome

The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.

8.8
2017-01-19 CVE-2016-5203 Google Use After Free vulnerability in Google Chrome

A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8
2017-01-19 CVE-2016-5200 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome

V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2017-01-19 CVE-2016-5199 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome

An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

8.8
2017-01-19 CVE-2016-5198 Google
Redhat
Out-of-bounds Write vulnerability in multiple products

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.

8.8
2017-01-19 CVE-2016-5197 Google Improper Input Validation vulnerability in Google Chrome

The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page.

8.8
2017-01-19 CVE-2016-5196 Google 7PK - Security Features vulnerability in Google Chrome

The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page.

8.8
2017-01-19 CVE-2016-7543 GNU
Fedoraproject
Improper Input Validation vulnerability in multiple products

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

8.4
2017-01-17 CVE-2017-5521 Netgear Unspecified vulnerability in Netgear products

An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices.

8.1
2017-01-18 CVE-2014-9910 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

7.6
2017-01-20 CVE-2017-5543 Intelliants Code Injection vulnerability in Intelliants Subrion 4.0.5

includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.

7.5
2017-01-19 CVE-2016-7794 Sociomantic Improper Access Control vulnerability in Sociomantic Git-Hub

sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name.

7.5
2017-01-19 CVE-2015-8212 Netbsd Improper Input Validation vulnerability in Netbsd

CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.

7.5
2017-01-18 CVE-2016-9679 Citrix Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Citrix Provisioning Services

Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer.

7.5
2017-01-18 CVE-2016-9678 Citrix Use After Free vulnerability in Citrix Provisioning Services

Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.

7.5
2017-01-18 CVE-2016-9676 Citrix Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Citrix Provisioning Services

Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.

7.5
2017-01-18 CVE-2016-7996 Graphicsmagick Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Graphicsmagick

Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.

7.5
2017-01-17 CVE-2017-5519 Metalgenix SQL Injection vulnerability in Metalgenix Genixcms

SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2017-01-17 CVE-2017-5517 Metalgenix SQL Injection vulnerability in Metalgenix Genixcms

SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.

7.5
2017-01-20 CVE-2016-6253 Netbsd Link Following vulnerability in Netbsd

mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.

7.2
2017-01-19 CVE-2016-9016 Firejail Project Improper Access Control vulnerability in Firejail Project Firejail 0.9.38.4

Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

7.2

101 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-01-19 CVE-2016-7793 Sociomantic Improper Access Control vulnerability in Sociomantic Git-Hub

sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL.

6.8
2017-01-18 CVE-2016-3406 Zimbra
Synacor
Cross-Site Request Forgery (CSRF) vulnerability in Synacor Zimbra Collaboration Suite

Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456.

6.8
2017-01-18 CVE-2016-7980 Spip Cross-Site Request Forgery (CSRF) vulnerability in Spip

Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request.

6.8
2017-01-18 CVE-2016-7144 Unrealircd Improper Authentication vulnerability in Unrealircd

The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.

6.8
2017-01-18 CVE-2016-2087 Hexchat Project Path Traversal vulnerability in Hexchat Project Hexchat 2.11.0

Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a ..

6.8
2017-01-20 CVE-2016-9436 Opensuse Project
Opensuse
Tats
Improper Input Validation vulnerability in multiple products

parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.

6.5
2017-01-20 CVE-2016-9435 Opensuse Project
Opensuse
Tats
Improper Input Validation vulnerability in multiple products

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.

6.5
2017-01-19 CVE-2016-5223 Google Integer Overflow or Wraparound vulnerability in Google Chrome

Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file.

6.5
2017-01-19 CVE-2016-5222 Google Improper Input Validation vulnerability in Google Chrome

Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5
2017-01-19 CVE-2016-5220 Google Information Exposure vulnerability in Google Chrome

PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file.

6.5
2017-01-19 CVE-2016-5218 Google Improper Input Validation vulnerability in Google Chrome

The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data.

6.5
2017-01-19 CVE-2016-5217 Google Improper Access Control vulnerability in Google Chrome

The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.

6.5
2017-01-19 CVE-2016-5212 Google Information Exposure vulnerability in Google Chrome

Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page.

6.5
2017-01-19 CVE-2016-5201 Google Information Exposure vulnerability in Google Chrome

A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page.

6.5
2017-01-18 CVE-2016-7998 Spip Improper Input Validation vulnerability in Spip

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.

6.5
2017-01-17 CVE-2017-5520 Metalgenix Unrestricted Upload of File with Dangerous Type vulnerability in Metalgenix Genixcms

The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.

6.5
2017-01-21 CVE-2017-5545 Libimobiledevice Out-of-bounds Read vulnerability in Libimobiledevice Libplist

The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.

6.4
2017-01-18 CVE-2016-3415 Zimbra
Synacor
Deserialization of Untrusted Data vulnerability in Synacor Zimbra Collaboration Suite

Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276.

6.4
2017-01-18 CVE-2016-9584 Libical Project Use After Free vulnerability in Libical Project Libical 2.0

libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file.

6.4
2017-01-19 CVE-2016-5221 Google Integer Overflow or Wraparound vulnerability in Google Chrome

Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page.

6.3
2017-01-19 CVE-2016-5219 Google Use After Free vulnerability in Google Chrome

A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.3
2017-01-19 CVE-2016-5216 Google Use After Free vulnerability in Google Chrome

A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

6.3
2017-01-19 CVE-2016-5215 Google Use After Free vulnerability in Google Chrome

A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.3
2017-01-19 CVE-2016-5226 Google Cross-site Scripting vulnerability in Google Chrome

Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.

6.1
2017-01-19 CVE-2016-5208 Google Cross-site Scripting vulnerability in Google Chrome

Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

6.1
2017-01-19 CVE-2016-5207 Google Cross-site Scripting vulnerability in Google Chrome

In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page.

6.1
2017-01-19 CVE-2016-5205 Google Cross-site Scripting vulnerability in Google Chrome

Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

6.1
2017-01-19 CVE-2016-5204 Google Cross-site Scripting vulnerability in Google Chrome

Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

6.1
2017-01-16 CVE-2016-7904 Cmsmadesimple Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple

Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.

6.0
2017-01-20 CVE-2016-5014 Moodle Information Exposure vulnerability in Moodle

In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.

5.8
2017-01-20 CVE-2016-5013 Moodle Injection vulnerability in Moodle

In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.

5.8
2017-01-18 CVE-2016-10086 CA
IBM
Linux
Microsoft
Oracle
Permissions, Privileges, and Access Controls vulnerability in CA Service Desk Management and Service Desk Manager

RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.

5.5
2017-01-18 CVE-2016-6896 Wordpress Path Traversal vulnerability in Wordpress 4.5.3

Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a ..

5.5
2017-01-18 CVE-2016-10147 Linux NULL Pointer Dereference vulnerability in Linux Kernel

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5).

5.5
2017-01-20 CVE-2016-5323 Libtiff
Opensuse
Divide By Zero vulnerability in multiple products

The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.

5.0
2017-01-20 CVE-2014-9755 Viprinet Improper Input Validation vulnerability in Viprinet Multichannel VPN Router 300 Firmware 2013070830/2013080900

The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack.

5.0
2017-01-20 CVE-2017-5541 Getsymphony Path Traversal vulnerability in Getsymphony Symphony

Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a ..

5.0
2017-01-20 CVE-2017-2576 Moodle Improper Input Validation vulnerability in Moodle

In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.

5.0
2017-01-20 CVE-2016-8644 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.

5.0
2017-01-20 CVE-2016-8642 Moodle Improper Access Control vulnerability in Moodle

In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.

5.0
2017-01-20 CVE-2016-7038 Moodle Weak Password Recovery Mechanism for Forgotten Password vulnerability in Moodle

In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.

5.0
2017-01-20 CVE-2016-5012 Moodle Information Exposure vulnerability in Moodle 3.1.0

In Moodle 3.x, glossary search displays entries without checking user permissions to view them.

5.0
2017-01-20 CVE-2016-10143 Tiki Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware 15.2

A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.

5.0
2017-01-18 CVE-2016-9680 Citrix Information Exposure vulnerability in Citrix Provisioning Services

Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors.

5.0
2017-01-18 CVE-2016-9677 Citrix Information Exposure vulnerability in Citrix Provisioning Services

Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors.

5.0
2017-01-18 CVE-2016-6497 Apache 7PK - Security Features vulnerability in Apache Groovy Ldap

main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.

5.0
2017-01-18 CVE-2016-6271 Bzrtp Project 7PK - Security Features vulnerability in Bzrtp Project Bzrtp 1.0.0/1.0.2/1.0.3

The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.

5.0
2017-01-18 CVE-2016-3413 Zimbra
Synacor
Security vulnerability in Synacor Zimbra Collaboration Suite

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996.

5.0
2017-01-18 CVE-2016-3405 Zimbra
Synacor
Security vulnerability in Synacor Zimbra Collaboration Suite

Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828.

5.0
2017-01-18 CVE-2016-3404 Zimbra
Synacor
Security vulnerability in Synacor Zimbra Collaboration Suite

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959.

5.0
2017-01-18 CVE-2016-3402 Zimbra
Synacor
Security vulnerability in Synacor Zimbra Collaboration Suite

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167.

5.0
2017-01-18 CVE-2016-9297 Libtiff Out-of-bounds Read vulnerability in Libtiff 4.0.6

The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values.

5.0
2017-01-18 CVE-2016-9279 Samsung Use After Free vulnerability in Samsung Exynos Fimg2D Driver

Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors.

5.0
2017-01-18 CVE-2016-9109 Artifex Out-of-bounds Read vulnerability in Artifex Mujs

Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences.

5.0
2017-01-18 CVE-2016-7997 Graphicsmagick NULL Pointer Dereference vulnerability in Graphicsmagick

The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.

5.0
2017-01-18 CVE-2016-7982 Spip Path Traversal vulnerability in Spip

Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.

5.0
2017-01-18 CVE-2016-7564 Artifex Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Mujs

Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input.

5.0
2017-01-18 CVE-2016-7563 Artifex Out-of-bounds Read vulnerability in Artifex Mujs

The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input.

5.0
2017-01-18 CVE-2016-6823 Imagemagick Integer Overflow or Wraparound vulnerability in Imagemagick

Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.

5.0
2017-01-18 CVE-2016-2233 Hexchat Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hexchat Project Hexchat 2.10.2

Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message.

5.0
2017-01-18 CVE-2016-9278 Samsung Improper Input Validation vulnerability in Samsung Exynos Fimg2D Driver

The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command.

4.9
2017-01-19 CVE-2016-10075 Tqdm Project Code vulnerability in Tqdm Project Tqdm 4.10/4.4.1

The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.

4.6
2017-01-20 CVE-2016-5321 Opensuse
Libtiff
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.

4.3
2017-01-20 CVE-2016-5319 Libtiff Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff

Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.

4.3
2017-01-20 CVE-2016-5318 Libtiff Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff

Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.

4.3
2017-01-20 CVE-2016-5317 Libtiff
Opensuse
Opensuse Project
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.

4.3
2017-01-20 CVE-2016-5316 Libtiff
Opensuse
Opensuse Project
Out-of-bounds Read vulnerability in multiple products

Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.

4.3
2017-01-20 CVE-2014-9754 Viprinet Improper Input Validation vulnerability in Viprinet Multichannel VPN Router 300 Firmware 2013070830/2013080900

The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack.

4.3
2017-01-20 CVE-2014-2045 Viprinet Cross-site Scripting vulnerability in Viprinet Multichannel VPN Router 300 Firmware 2013070830/2013080900

Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.

4.3
2017-01-20 CVE-2017-5542 Getsymphony Cross-site Scripting vulnerability in Getsymphony Symphony

Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter.

4.3
2017-01-20 CVE-2017-2578 Moodle Cross-site Scripting vulnerability in Moodle

In Moodle 3.x, there is XSS in the assignment submission page.

4.3
2017-01-19 CVE-2016-5725 Jcraft Path Traversal vulnerability in Jcraft Jsch

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.

4.3
2017-01-19 CVE-2016-9650 Google Data Processing Errors vulnerability in Google Chrome

Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page.

4.3
2017-01-19 CVE-2016-5225 Google Data Processing Errors vulnerability in Google Chrome

Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.

4.3
2017-01-19 CVE-2016-5224 Google Numeric Errors vulnerability in Google Chrome

A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.

4.3
2017-01-19 CVE-2016-5214 Google Data Processing Errors vulnerability in Google Chrome

Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page.

4.3
2017-01-18 CVE-2016-6283 Atlassian Cross-site Scripting vulnerability in Atlassian Confluence

Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.

4.3
2017-01-18 CVE-2016-4019 Zimbra
Synacor
Security vulnerability in Synacor Zimbra Collaboration Suite

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477.

4.3
2017-01-18 CVE-2016-3999 Zimbra
Synacor
Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703.

4.3
2017-01-18 CVE-2016-3412 Zimbra
Synacor
Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791.

4.3
2017-01-18 CVE-2016-3411 Zimbra
Synacor
Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite

Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609.

4.3
2017-01-18 CVE-2016-3410 Zimbra
Synacor
Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839.

4.3
2017-01-18 CVE-2016-3409 Zimbra
Synacor
Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite

Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637.

4.3
2017-01-18 CVE-2016-3408 Zimbra
Synacor
Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite

Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813.

4.3
2017-01-18 CVE-2016-3407 Zimbra
Synacor
Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175.

4.3
2017-01-18 CVE-2016-6897 Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Wordpress

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.

4.3
2017-01-18 CVE-2016-9273 Libtiff Out-of-bounds Read vulnerability in Libtiff 4.0.6

tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.

4.3
2017-01-18 CVE-2016-7999 Spip Server-Side Request Forgery (SSRF) vulnerability in Spip

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.

4.3
2017-01-18 CVE-2016-7981 Spip Cross-site Scripting vulnerability in Spip

Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.

4.3
2017-01-18 CVE-2016-7906 Imagemagick Use After Free vulnerability in Imagemagick 7.0.32

magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.

4.3
2017-01-18 CVE-2016-7799 Imagemagick
Debian
Out-of-bounds Read vulnerability in multiple products

MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.

4.3
2017-01-18 CVE-2016-7149 B2Evolution Cross-site Scripting vulnerability in B2Evolution

Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function.

4.3
2017-01-18 CVE-2016-7101 Imagemagick Out-of-bounds Read vulnerability in Imagemagick

The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.

4.3
2017-01-18 CVE-2015-8684 Exponentcms Cross-site Scripting vulnerability in Exponentcms Exponent CMS

Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality.

4.3
2017-01-18 CVE-2015-8667 Exponentcms Cross-site Scripting vulnerability in Exponentcms Exponent CMS

Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.

4.3
2017-01-17 CVE-2017-5518 Metalgenix Server-Side Request Forgery (SSRF) vulnerability in Metalgenix Genixcms

The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.

4.3
2017-01-17 CVE-2017-5516 Metalgenix Cross-site Scripting vulnerability in Metalgenix Genixcms

Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters.

4.3
2017-01-20 CVE-2016-8643 Moodle Improper Access Control vulnerability in Moodle

In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.

4.0
2017-01-18 CVE-2016-3414 Zimbra
Synacor
Security vulnerability in Synacor Zimbra Collaboration Suite

Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029.

4.0
2017-01-18 CVE-2016-3401 Zimbra
Synacor
Security vulnerability in Synacor Zimbra Collaboration Suite

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810.

4.0
2017-01-18 CVE-2016-10148 Wordpress Improper Access Control vulnerability in Wordpress

The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-01-18 CVE-2016-7150 B2Evolution Cross-site Scripting vulnerability in B2Evolution

Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name.

3.5
2017-01-17 CVE-2017-5515 Metalgenix Cross-site Scripting vulnerability in Metalgenix Genixcms

Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names.

3.5
2017-01-18 CVE-2016-9844 Unzip Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unzip Project Unzip 6.0

Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.

2.1
2017-01-18 CVE-2014-9913 Unzip Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unzip Project Unzip 6.0

Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.

2.1
2017-01-16 CVE-2017-5223 Phpmailer Project Information Exposure vulnerability in PHPmailer Project PHPmailer

An issue was discovered in PHPMailer before 5.2.22.

2.1