Original release date: January 23, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
apache -- storm
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.
2017-01-13
10.0
CVE-2015-3188
MISC
BUGTRAQ
SECTRACK
artifex -- mujs
An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition.
2017-01-13
7.5
CVE-2016-10141
CONFIRM
CONFIRM
brocade -- network_advisor
A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
2017-01-14
10.0
CVE-2016-8204
CONFIRM
brocade -- network_advisor
A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
2017-01-14
10.0
CVE-2016-8205
CONFIRM
citrix -- provisioning_services
Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.
2017-01-18
7.5
CVE-2016-9676
BID
SECTRACK
CONFIRM
citrix -- provisioning_services
Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.
2017-01-18
7.5
CVE-2016-9678
BID
SECTRACK
CONFIRM
citrix -- provisioning_services
Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer.
2017-01-18
7.5
CVE-2016-9679
BID
SECTRACK
CONFIRM
fedoraproject -- fedora
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
2017-01-13
7.5
CVE-2016-2090
MLIST
MISC
CONFIRM
CONFIRM
FEDORA
FEDORA
fedoraproject -- fedora
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
2017-01-19
7.2
CVE-2016-7543
MLIST
BID
FEDORA
FEDORA
FEDORA
MLIST
GENTOO
firejail -- firejail
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
2017-01-19
7.2
CVE-2016-9016
MLIST
MLIST
BID
google -- android
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684.
2017-01-18
9.3
CVE-2014-9909
BID
CONFIRM
google -- android
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710.
2017-01-18
7.6
CVE-2014-9910
BID
CONFIRM
graphicsmagick -- graphicsmagick
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
2017-01-18
7.5
CVE-2016-7996
MLIST
MLIST
BID
intelliants -- subrion_cms
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
2017-01-20
7.5
CVE-2017-5543
CONFIRM
metalgenix -- genixcms
SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.
2017-01-17
7.5
CVE-2017-5517
BID
CONFIRM
metalgenix -- genixcms
SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
2017-01-17
7.5
CVE-2017-5519
BID
CONFIRM
netbsd -- netbsd
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.
2017-01-19
7.5
CVE-2015-8212
NETBSD
SECTRACK
netbsd -- netbsd
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
2017-01-20
7.2
CVE-2016-6253
MISC
NETBSD
MISC
MISC
BID
SECTRACK
EXPLOIT-DB
EXPLOIT-DB
ntp -- ntp
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
2017-01-13
7.1
CVE-2016-9311
CONFIRM
CONFIRM
CONFIRM
BID
CERT-VN
samsung -- samsung_mobile
The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.
2017-01-18
9.3
CVE-2016-6526
CONFIRM
MLIST
BID
samsung -- samsung_mobile
The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.
2017-01-18
9.3
CVE-2016-6527
CONFIRM
MLIST
BID
selinux_project -- selinux
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
2017-01-19
7.2
CVE-2016-7545
REDHAT
MLIST
BID
CONFIRM
FEDORA
MLIST
sociomantic -- git-hub
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name.
2017-01-19
7.5
CVE-2016-7794
MLIST
BID
CONFIRM
Medium Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
apache -- groovy
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
2017-01-18
5.0
CVE-2016-6497
CONFIRM
MLIST
MISC
artifex -- mujs
The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input.
2017-01-18
5.0
CVE-2016-7563
MLIST
MLIST
CONFIRM
artifex -- mujs
Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input.
2017-01-18
5.0
CVE-2016-7564
MLIST
MLIST
CONFIRM
artifex -- mujs
Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-7563.
2017-01-18
5.0
CVE-2016-9109
MLIST
MLIST
MLIST
BID
CONFIRM
atlassian -- confluence
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.
2017-01-18
4.3
CVE-2016-6283
MISC
FULLDISC
FULLDISC
BID
EXPLOIT-DB
b2evolution -- b2evolution
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function.
2017-01-18
4.3
CVE-2016-7149
MLIST
MLIST
BID
CONFIRM
b2evolution -- b2evolution
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.
2017-01-15
5.5
CVE-2017-5480
BID
CONFIRM
CONFIRM
blackberry -- enterprise_service
A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES.
2017-01-13
6.4
CVE-2016-3128
CONFIRM
BID
SECTRACK
blackberry -- enterprise_service
An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt.
2017-01-13
4.3
CVE-2016-3130
CONFIRM
SECTRACK
blackberry -- vapp
A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link.
2017-01-13
4.3
CVE-2017-3890
CONFIRM
BID
brocade -- network_advisor
A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.
2017-01-14
6.4
CVE-2016-8206
CONFIRM
brocade -- network_advisor
A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information.
2017-01-14
5.0
CVE-2016-8207
CONFIRM
brocade -- virtual_traffic_manager
A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster.
2017-01-14
6.0
CVE-2016-8201
CONFIRM
bzrtp_project -- bzrtp
The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.
2017-01-18
5.0
CVE-2016-6271
CONFIRM
ca -- service_desk_management
RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.
2017-01-18
5.5
CVE-2016-10086
BID
SECTRACK
CONFIRM
citrix -- provisioning_services
Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors.
2017-01-18
5.0
CVE-2016-9677
BID
SECTRACK
CONFIRM
citrix -- provisioning_services
Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors.
2017-01-18
5.0
CVE-2016-9680
BID
SECTRACK
CONFIRM
cloud_foundry -- capi-release
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog.
2017-01-13
5.0
CVE-2016-9882
BID
CONFIRM
cmsmadesimple -- cms_made_simple
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.
2017-01-16
6.0
CVE-2016-7904
MISC
MISC
BID
exponentcms -- exponent_cms
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
2017-01-18
4.3
CVE-2015-8667
CONFIRM
MISC
exponentcms -- exponent_cms
Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality.
2017-01-18
4.3
CVE-2015-8684
CONFIRM
MISC
foxitsoftware -- foxit_pdf_toolkit
Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an attacker to cause Denial of Service and Remote Code Execution when the victim opens the specially crafted PDF file. The Vulnerability has been fixed in v2.0.
2017-01-13
6.8
CVE-2017-5364
CONFIRM
google -- android
An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784.
2017-01-13
4.9
CVE-2016-8467
BID
MISC
CONFIRM
google -- android
An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664.
2017-01-13
4.3
CVE-2017-0398
BID
CONFIRM
google -- chrome
The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page.
2017-01-19
6.8
CVE-2016-5196
BID
CONFIRM
CONFIRM
google -- chrome
The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page.
2017-01-19
6.8
CVE-2016-5197
BID
CONFIRM
CONFIRM
google -- chrome
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
2017-01-19
6.8
CVE-2016-5198
BID
CONFIRM
CONFIRM
google -- chrome
An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
2017-01-19
6.8
CVE-2016-5199
BID
CONFIRM
CONFIRM
google -- chrome
V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2017-01-19
6.8
CVE-2016-5200
BID
CONFIRM
CONFIRM
google -- chrome
A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page.
2017-01-19
4.3
CVE-2016-5201
BID
CONFIRM
CONFIRM
google -- chrome
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
2017-01-19
6.8
CVE-2016-5203
BID
CONFIRM
CONFIRM
google -- chrome
Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
2017-01-19
4.3
CVE-2016-5204
BID
CONFIRM
CONFIRM
google -- chrome
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
2017-01-19
4.3
CVE-2016-5205
BID
CONFIRM
CONFIRM
google -- chrome
The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
2017-01-19
6.8
CVE-2016-5206
BID
CONFIRM
CONFIRM
google -- chrome
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page.
2017-01-19
4.3
CVE-2016-5207
BID
CONFIRM
CONFIRM
google -- chrome
Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
2017-01-19
4.3
CVE-2016-5208
BID
CONFIRM
CONFIRM
google -- chrome
Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2017-01-19
6.8
CVE-2016-5209
BID
CONFIRM
CONFIRM
google -- chrome
Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
2017-01-19
6.8
CVE-2016-5210
BID
CONFIRM
CONFIRM
google -- chrome
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
2017-01-19
6.8
CVE-2016-5211
BID
CONFIRM
CONFIRM
google -- chrome
Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page.
2017-01-19
4.3
CVE-2016-5212
BID
CONFIRM
CONFIRM
google -- chrome
A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac,