CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2016

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-9644 264 2016-11-27 2017-01-06
9.3
None Remote Medium Not required Complete Complete Complete
The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels.
2 CVE-2016-9567 200 +Info 2016-11-23 2016-11-29
4.3
None Remote Medium Not required Partial None None
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.
3 CVE-2016-9564 20 Overflow 2016-11-30 2016-12-02
5.0
None Remote Low Not required None None Partial
Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.
4 CVE-2016-9563 284 2016-11-22 2016-11-29
6.0
None Remote Medium Single system Partial Partial Partial
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.
5 CVE-2016-9562 476 DoS 2016-11-22 2017-01-12
5.0
None Remote Low Not required None None Partial
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.
6 CVE-2016-9555 125 DoS 2016-11-27 2017-01-06
10.0
None Remote Low Not required Complete Complete Complete
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.
7 CVE-2016-9540 787 Overflow 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
8 CVE-2016-9539 125 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.
9 CVE-2016-9538 190 Overflow 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.
10 CVE-2016-9537 787 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
11 CVE-2016-9536 787 Overflow 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."
12 CVE-2016-9535 119 Overflow 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
13 CVE-2016-9534 119 Overflow 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
14 CVE-2016-9533 787 Overflow 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
15 CVE-2016-9481 89 Sql 2016-11-29 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection.
16 CVE-2016-9480 119 DoS Overflow +Info 2016-11-29 2016-12-22
6.4
None Remote Low Not required Partial None Partial
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.
17 CVE-2016-9452 20 DoS 2016-11-25 2016-11-29
4.3
None Remote Medium Not required None None Partial
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.
18 CVE-2016-9451 601 2016-11-25 2017-01-06
4.9
None Remote Medium Single system Partial Partial None
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
19 CVE-2016-9450 345 2016-11-25 2016-11-29
5.0
None Remote Low Not required None Partial None
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
20 CVE-2016-9449 200 +Info 2016-11-25 2017-01-06
4.0
None Remote Low Single system Partial None None
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
21 CVE-2016-9376 399 2016-11-17 2017-01-10
4.3
None Remote Medium Not required None None Partial
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.
22 CVE-2016-9375 20 2016-11-17 2017-01-10
4.3
None Remote Medium Not required None None Partial
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.
23 CVE-2016-9374 119 Overflow 2016-11-17 2017-01-10
4.3
None Remote Medium Not required None None Partial
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.
24 CVE-2016-9373 416 2016-11-17 2017-01-10
4.3
None Remote Medium Not required None None Partial
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings.
25 CVE-2016-9372 20 2016-11-17 2016-11-29
4.3
None Remote Medium Not required None None Partial
In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.
26 CVE-2016-9318 611 2016-11-15 2016-11-29
6.8
None Remote Medium Not required Partial Partial Partial
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
27 CVE-2016-9313 476 DoS 2016-11-27 2016-11-29
9.3
None Remote Medium Not required Complete Complete Complete
security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type.
28 CVE-2016-9296 476 DoS 2016-11-11 2016-11-29
5.0
None Remote Low Not required None None Partial
A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.
29 CVE-2016-9294 476 DoS 2016-11-11 2016-11-29
5.0
None Remote Low Not required None None Partial
Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct "denial of service (application crash)" attacks by using the "malformed labeled break/continue in JavaScript" approach, related to a "NULL pointer dereference" issue affecting the jscompile.c component.
30 CVE-2016-9288 89 Sql 2016-11-11 2016-11-29
7.5
None Remote Low Not required Partial Partial Partial
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1.
31 CVE-2016-9287 89 Sql 2016-11-15 2016-11-29
7.5
None Remote Low Not required Partial Partial Partial
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection.
32 CVE-2016-9286 200 +Info 2016-11-11 2016-11-29
5.0
None Remote Low Not required Partial None None
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI.
33 CVE-2016-9285 200 +Info 2016-11-11 2016-11-29
5.0
None Remote Low Not required Partial None None
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue.
34 CVE-2016-9284 200 +Info 2016-11-11 2016-11-29
5.0
None Remote Low Not required Partial None None
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.
35 CVE-2016-9283 89 Sql 2016-11-11 2016-11-29
5.0
None Remote Low Not required Partial None None
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.
36 CVE-2016-9282 89 Sql 2016-11-11 2016-11-29
5.0
None Remote Low Not required Partial None None
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.
37 CVE-2016-9277 190 DoS Overflow 2016-11-11 2016-11-29
7.8
None Remote Low Not required None None Complete
Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906.
38 CVE-2016-9274 426 +Priv 2016-11-11 2016-12-05
4.4
None Local Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected.
39 CVE-2016-9272 89 DoS Sql 2016-11-11 2016-11-29
6.4
None Remote Low Not required Partial None Partial
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
40 CVE-2016-9268 434 Exec Code 2016-11-10 2016-11-29
9.0
None Remote Low Single system Complete Complete Complete
Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors.
41 CVE-2016-9242 89 Exec Code Sql 2016-11-07 2016-11-29
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.
42 CVE-2016-9191 20 DoS 2016-11-27 2017-01-30
4.9
None Local Low Not required None None Complete
The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity.
43 CVE-2016-9190 284 Exec Code 2016-11-04 2017-01-10
6.8
None Remote Medium Not required Partial Partial Partial
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
44 CVE-2016-9189 190 Overflow +Info 2016-11-04 2017-01-10
4.3
None Remote Medium Not required Partial None None
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.
45 CVE-2016-9188 79 XSS 2016-11-04 2016-11-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters.
46 CVE-2016-9187 434 Exec Code 2016-11-04 2016-11-29
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
47 CVE-2016-9186 434 Exec Code 2016-11-04 2016-11-29
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
48 CVE-2016-9185 200 +Info 2016-11-04 2016-11-29
4.0
None Remote Low Single system Partial None None
In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.
49 CVE-2016-9184 89 Sql 2016-11-04 2016-11-29
5.0
None Remote Low Not required Partial None None
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure.
50 CVE-2016-9183 200 Sql Bypass +Info 2016-11-04 2016-11-29
5.0
None Remote Low Not required Partial None None
In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed easily: it only sanitizes user input if there are odd numbers of ' or " characters. Impact is Information Disclosure.
Total number of vulnerabilities : 386   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.