High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing a malformed cross-reference table. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2939 BID CONFIRM |
| ・・・acrobat_dc 他にも多数。中略・・・ | ||||
| adobe -- flash_player | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 10.0 | CVE-2017-2925 BID CONFIRM |
| bluestacks -- bluestacks | A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions that allows users to execute arbitrary programs with SYSTEM privileges. | 2017-01-06 | 7.2 | CVE-2016-4288 Miscellaneous MISC |
| call-cc -- chicken | The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released). | 2017-01-10 | 7.5 | CVE-2016-6830 MLIST BID |
| codeigniter -- codeigniter | system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. | 2017-01-12 | 7.5 | CVE-2016-10131 MISC MISC MISC |
| eclinicalworks -- population_health | eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input. | 2017-01-10 | 7.5 | CVE-2015-4592 MISC BUGTRAQ EXPLOIT-DB |
| eclinicalworks -- population_health | eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID. | 2017-01-10 | 7.5 | CVE-2015-4594 MISC BUGTRAQ EXPLOIT-DB |
| exponentcms -- exponent_cms | Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution. | 2017-01-12 | 7.5 | CVE-2016-7790 MLIST BID |
| exponentcms -- exponent_cms | Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sa | 2017-01-12 | 7.5 | CVE-2016-7791 MLIST BID |
| google -- android | An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350755. References: MT-ALPS02961424. | 2017-01-12 | 9.3 | CVE-2016-6784 CONFIRM |
| lexmark -- perceptive_document_filters | An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could potentially be leveraged by an attacker to gain arbitrary code execution. | 2017-01-06 | 7.5 | CVE-2016-4336 MISC |
| libtiff -- libtiff | LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. | 2017-01-12 | 7.5 | CVE-2017-5225 CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30740545. References: QC-CR#1065916. | 2017-01-12 | 7.6 | CVE-2016-6755 CONFIRM |
| memcached -- memcached | An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | 2017-01-06 | 7.5 | CVE-2016-8704 BID MISC |
| memcached -- memcached | Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | 2017-01-06 | 7.5 | CVE-2016-8705 BID MISC |
| microsoft -- windows_vista | The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability." | 2017-01-10 | 7.8 | CVE-2017-0004 MS BID |
| microsoft -- word | Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | 2017-01-10 | 9.3 | CVE-2017-0003 MS BID |
| php -- php | In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. | 2017-01-11 | 7.5 | CVE-2016-7479 MISC MISC BID MISC MISC |
| php -- php | The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. | 2017-01-11 | 7.5 | CVE-2016-7480 MISC MISC MISC BID MISC MISC MISC |
| php -- php | Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. | 2017-01-11 | 7.5 | CVE-2017-5340 BID CONFIRM CONFIRM |
| pidgin -- pidgin | Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure. | 2017-01-06 | 7.5 | CVE-2016-2368 DEBIAN CONFIRM BID MISC UBUNTU |
| pivotal_software -- gemfire_for_pivotal_cloud_foun | An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster. | 2017-01-06 | 7.5 | CVE-2016-9885 BID CONFIRM |
| python_software_foundation -- hpack | A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine. | 2017-01-10 | 7.8 | CVE-2016-6581 BID CONFIRM |
| ruby-lang -- ruby | Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution. | 2017-01-06 | 7.5 | CVE-2016-2336 MISC |
| ruby-lang -- ruby | Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution. | 2017-01-06 | 7.5 | CVE-2016-2337 MISC |
| ruby-lang -- ruby | An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow. | 2017-01-06 | 7.5 | CVE-2016-2339 MISC |
| samsung -- samsung_mobile | Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInst | 2017-01-09 | 7.1 | CVE-2017-5217 CONFIRM BID |
| samsung -- samsung_mobile | Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650. | 2017-01-12 | 7.8 | CVE-2017-5351 CONFIRM |
| splunk -- splunk | Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840. | 2017-01-10 | 10.0 | CVE-2016-10126 CONFIRM |
| trane -- comfortlink_ii_firmware | A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. | 2017-01-06 | 10.0 | CVE-2015-2867 BID MISC |
| trane -- comfortlink_ii_firmware | An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution. | 2017-01-06 | 10.0 | CVE-2015-2868 BID MISC |
No comments:
Post a Comment