Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
emc -- scaleio | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers. | 2017-01-06 | 4.6 | CVE-2016-9867 CONFIRM BID |
f5 -- big-ip_access_policy_manager | Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart. | 2017-01-10 | 4.3 | CVE-2016-9247 CONFIRM |
foxitsoftware -- reader | A large heap out-of-bounds read vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak the heap memory layout and to bypass ASLR. | 2017-01-06 | 4.3 | CVE-2016-8334 BID MISC |
freeimage_project -- freeimage | An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability. | 2017-01-06 | 6.8 | CVE-2016-5684 BID MISC |
google -- android | An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-31566390. | 2017-01-12 | 6.8 | CVE-2016-6771 CONFIRM |
hancom -- hancom_office_2014 | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a block of data within the file. When calculating this length, the application will use a value from the file and add a constant to it without checking whether the addition of the constant will cause the integer to overflow, which will cause the buffer to be undersized when the application tries to copy file data into it. This allows one to overwrite contiguous data in the heap, which can lead to code execution under the context of the application. | 2017-01-06 | 6.8 | CVE-2016-4290 BID MISC |
ibm -- websphere_application_server | An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected. | 2017-01-06 | 5.0 | CVE-2016-9879 BID CONFIRM |
intel -- ethernet_controler_xl710_firmw | A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic under certain network use conditions. | 2017-01-09 | 4.3 | CVE-2016-8106 BID CONFIRM |
isc -- bind | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. | 2017-01-12 | 5.0 | CVE-2016-9131 BID CONFIRM |
isc -- bind | named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets. | 2017-01-12 | 5.0 | CVE-2016-9147 CONFIRM |
isc -- bind | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. | 2017-01-12 | 5.0 | CVE-2016-9444 CONFIRM |
lexmark -- perceptive_document_filters | An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perceptive Document Filters conversion functionality. A crafted XLS document can lead to a stack-based buffer overflow resulting in remote code execution. | 2017-01-06 | 6.8 | CVE-2016-4335 BID MISC |
lexmark -- perceptive_document_filters | An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of the Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause code execution. An attacker can send a malformed file to trigger this vulnerability. | 2017-01-06 | 6.8 | CVE-2016-5646 MISC |
libimobiledevice -- libplist | The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data. | 2017-01-11 | 6.4 | CVE-2017-5209 BID CONFIRM |
libtiff -- libtiff | An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. The vulnerability can be triggered via a saved TIFF file delivered by other means. | 2017-01-06 | 6.8 | CVE-2016-5652 BID MISC |
linux -- linux_kernel | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010. | 2017-01-12 | 4.3 | CVE-2016-8405 CONFIRM |
linuxcontainers -- lxc | An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container. | 2017-01-09 | 5.0 | CVE-2016-10124 CONFIRM |
mantisbt -- mantisbt | Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter. | 2017-01-10 | 4.3 | CVE-2016-6837 BID SECTRACK CONFIRM CONFIRM |
matroska -- libebml | A specially crafted Unicode string in libebml master branch can cause an off-by-few read on the heap in the Unicode string parsing code in libebml. This issue can potentially be used for information leaks. | 2017-01-06 | 5.0 | CVE-2016-1514 BID MISC |
matroska -- libebml | A use-after-free / double-free vulnerability can occur in libebml master branch while parsing Track elements of the MKV container. | 2017-01-06 | 5.0 | CVE-2016-1515 BID MISC |
memcached -- memcached | An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | 2017-01-06 | 6.8 | CVE-2016-8706 BID MISC |
metalgenix -- genixcms | SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax | 2017-01-12 | 6.5 | CVE-2017-5345 MISC MISC |
microsoft -- edge | Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability." | 2017-01-10 | 6.8 | CVE-2017-0002 MS BID |
netapp -- clustered_data_ontap | Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure. | 2017-01-11 | 4.3 | CVE-2015-8020 BID CONFIRM |
netapp -- metrocluster_tiebreaker | MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user. | 2017-01-11 | 5.0 | CVE-2016-6820 BID CONFIRM |
netop -- remote_control | Stack-based buffer overflow vulnerability in Netop Remote Control versions 11.53, 12.21 and prior. The affected module in the Guest client is the "Import to Phonebook" option. When a specially designed malicious file containing special characters is loaded, the overflow occurs. 12.51 is the fixed version. The Support case ref is 00109744. | 2017-01-09 | 4.3 | CVE-2017-5216 CONFIRM BID |
ntp -- ntp | An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f45900486 | 2017-01-06 | 5.0 | CVE-2016-1547 CONFIRM CONFIRM BID MISC |
php -- php | Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. | 2017-01-11 | 5.0 | CVE-2016-7478 MISC MISC BID MISC MISC |
pidgin -- pidgin | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash. | 2017-01-06 | 4.3 | CVE-2016-2365 DEBIAN CONFIRM BID MISC UBUNTU |
python_software_foundation -- python_priority_library | An HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree. | 2017-01-10 | 5.0 | CVE-2016-6580 BID CONFIRM |
samsung -- samsung_mobile | Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122. | 2017-01-12 | 5.0 | CVE-2017-5350 CONFIRM |
Severity Not Yet Assigned