CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-8362 284 2017-01-23 2017-01-25
10.0
None Remote Low Not required Complete Complete Complete
Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface.
2 CVE-2015-2867 798 2017-01-06 2017-01-10
10.0
None Remote Low Not required Complete Complete Complete
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.
3 CVE-2015-2868 119 Exec Code Overflow 2017-01-06 2017-01-10
10.0
None Remote Low Not required Complete Complete Complete
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.
4 CVE-2015-3188 264 Exec Code 2017-01-13 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.
5 CVE-2016-2242 94 Exec Code 2017-01-23 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.
6 CVE-2016-2783 19 2017-01-23 2017-01-26
10.0
None Remote Low Not required Complete Complete Complete
Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames.
7 CVE-2016-3149 Exec Code 2017-01-12 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors.
8 CVE-2016-6604 476 2017-01-30 2017-02-07
10.0
None Remote Low Not required Complete Complete Complete
NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors.
9 CVE-2016-6890 119 Exec Code Overflow XSS 2017-01-05 2017-01-06
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate.
10 CVE-2016-7399 77 Exec Code 2017-01-04 2017-07-26
10.0
None Remote Low Not required Complete Complete Complete
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
11 CVE-2016-8204 22 Dir. Trav. 2017-01-14 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
12 CVE-2016-8205 22 Dir. Trav. 2017-01-14 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
13 CVE-2016-8398 254 2017-01-12 2017-01-17
10.0
None Remote Low Not required Complete Complete Complete
Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705.
14 CVE-2016-8411 119 Overflow 2017-01-27 2017-02-07
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775.
15 CVE-2016-8437 20 2017-01-12 2017-01-17
10.0
None Remote Low Not required Complete Complete Complete
Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695.
16 CVE-2016-8438 190 Overflow Bypass 2017-01-12 2017-01-17
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638.
17 CVE-2016-8439 119 Overflow 2017-01-12 2017-01-17
10.0
None Remote Low Not required Complete Complete Complete
Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804.
18 CVE-2016-8440 119 Overflow 2017-01-12 2017-01-23
10.0
None Remote Low Not required Complete Complete Complete
Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747.
19 CVE-2016-8459 119 Overflow 2017-01-12 2017-01-17
10.0
None Remote Low Not required Complete Complete Complete
Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462.
20 CVE-2016-10043 78 Exec Code 2017-01-31 2017-03-13
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands and retrieve the output in the application's responses. Attackers could execute unauthorized commands, which could then be used to disable the software, or read, write, and modify data for which the attacker does not have permissions to access directly. Since the targeted application is directly executing the commands instead of the attacker, any malicious activities may appear to come from the application or the application's owner (apache user).
21 CVE-2016-10107 77 2017-01-03 2017-01-04
10.0
Admin Remote Low Not required Complete Complete Complete
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.
22 CVE-2016-10108 77 2017-01-03 2017-01-09
10.0
Admin Remote Low Not required Complete Complete Complete
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
23 CVE-2016-10115 798 2017-01-04 2017-01-11
10.0
None Remote Low Not required Complete Complete Complete
NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration.
24 CVE-2016-10126 264 +Info 2017-01-10 2017-01-17
10.0
None Remote Low Not required Complete Complete Complete
Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840.
25 CVE-2016-10174 119 Exec Code Overflow 2017-01-29 2017-09-02
10.0
None Remote Low Not required Complete Complete Complete
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
26 CVE-2016-10177 798 2017-01-29 2017-02-07
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234.
27 CVE-2016-10178 254 2017-01-29 2017-02-07
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.
28 CVE-2016-10182 77 2017-01-29 2017-02-07
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters.
29 CVE-2017-2925 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution.
30 CVE-2017-2926 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution.
31 CVE-2017-2927 119 Exec Code Overflow 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
32 CVE-2017-2928 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution.
33 CVE-2017-2930 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.
34 CVE-2017-2931 119 Exec Code Overflow Mem. Corr. 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution.
35 CVE-2017-2932 416 Exec Code 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.
36 CVE-2017-2933 119 Exec Code Overflow 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution.
37 CVE-2017-2934 119 Exec Code Overflow 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
38 CVE-2017-2935 119 Exec Code Overflow 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.
39 CVE-2017-2936 416 Exec Code 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution.
40 CVE-2017-2937 416 Exec Code 2017-01-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution.
41 CVE-2014-9909 264 Exec Code 2017-01-18 2017-01-19
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684.
42 CVE-2016-6492 264 +Priv 2017-01-12 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek driver for Linux allows local users to gain privileges via a crafted application that makes an MT6573FDVTIOC_T_SET_FDCONF_CMD IOCTL call.
43 CVE-2016-6526 264 DoS +Priv 2017-01-18 2017-01-27
9.3
None Remote Medium Not required Complete Complete Complete
The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.
44 CVE-2016-6527 264 DoS +Priv 2017-01-18 2017-01-27
9.3
None Remote Medium Not required Complete Complete Complete
The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.
45 CVE-2016-6758 284 Exec Code +Priv 2017-01-12 2017-01-19
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731.
46 CVE-2016-6759 284 Exec Code +Priv 2017-01-12 2017-01-19
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29982686. References: QC-CR#1055766.
47 CVE-2016-6760 284 Exec Code +Priv 2017-01-12 2017-01-19
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783.
48 CVE-2016-6761 284 Exec Code +Priv 2017-01-12 2017-01-19
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29421682. References: QC-CR#1055792.
49 CVE-2016-6772 264 Exec Code 2017-01-12 2017-01-19
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351.
50 CVE-2016-6775 284 Exec Code 2017-01-12 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31222873. References: N-CVE-2016-6775.
Total number of vulnerabilities : 1085   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.