CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2016-8695 476 DoS 2017-01-31 2017-02-05
4.3
None Remote Medium Not required None None Partial
The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8696.
552 CVE-2016-8694 476 DoS 2017-01-31 2017-02-05
4.3
None Remote Medium Not required None None Partial
The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8695 and CVE-2016-8696.
553 CVE-2016-8686 119 Overflow 2017-01-31 2017-02-05
6.8
None Remote Medium Not required Partial Partial Partial
The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
554 CVE-2016-8685 119 DoS Overflow 2017-01-31 2017-02-05
4.3
None Remote Medium Not required None None Partial
The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.
555 CVE-2016-8671 200 XSS +Info 2017-01-13 2017-01-18
4.3
None Remote Medium Not required Partial None None
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887.
556 CVE-2016-8670 119 DoS Overflow 2017-01-04 2017-11-03
7.5
None Remote Low Not required Partial Partial Partial
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.
557 CVE-2016-8644 264 2017-01-20 2017-01-25
5.0
None Remote Low Not required Partial None None
In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.
558 CVE-2016-8643 284 2017-01-20 2017-01-25
4.0
None Remote Low Single system None Partial None
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
559 CVE-2016-8642 284 2017-01-20 2017-01-25
5.0
None Remote Low Not required Partial None None
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
560 CVE-2016-8606 284 Exec Code 2017-01-12 2017-01-18
7.5
None Remote Low Not required Partial Partial Partial
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
561 CVE-2016-8605 275 2017-01-12 2017-01-18
5.0
None Remote Low Not required None Partial None
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.
562 CVE-2016-8575 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.
563 CVE-2016-8574 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().
564 CVE-2016-8475 200 +Info 2017-01-12 2017-01-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32591129.
565 CVE-2016-8474 200 +Info 2017-01-12 2017-01-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31799972.
566 CVE-2016-8473 200 +Info 2017-01-12 2017-01-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31795790.
567 CVE-2016-8472 200 +Info 2017-01-12 2017-01-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31531758. References: MT-ALPS02961384.
568 CVE-2016-8471 200 +Info 2017-01-12 2017-01-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528890. References: MT-ALPS02961380.
569 CVE-2016-8470 200 +Info 2017-01-12 2017-01-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528889. References: MT-ALPS02961395.
570 CVE-2016-8469 200 +Info 2017-01-12 2017-01-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31351206. References: N-CVE-2016-8469.
571 CVE-2016-8468 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in Binder could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.18. Android ID: A-32394425.
572 CVE-2016-8467 264 DoS Exec Code 2017-01-13 2017-01-17
4.9
None Local Low Not required None None Complete
An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784.
573 CVE-2016-8466 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31822524. References: B-RB#105268.
574 CVE-2016-8465 264 Exec Code 2017-01-12 2017-07-10
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32474971. References: B-RB#106053.
575 CVE-2016-8464 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29000183. References: B-RB#106314.
576 CVE-2016-8463 399 DoS 2017-01-12 2017-01-17
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30786860. References: QC-CR#586855.
577 CVE-2016-8462 200 +Info 2017-01-12 2017-01-17
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: N/A. Android ID: A-32510383.
578 CVE-2016-8461 200 +Info 2017-01-12 2017-01-17
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: Kernel-3.18. Android ID: A-32369621.
579 CVE-2016-8460 200 +Info 2017-01-12 2017-01-17
4.3
None Remote Medium Not required None None Partial
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31668540. References: N-CVE-2016-8460.
580 CVE-2016-8459 119 Overflow 2017-01-12 2017-01-17
10.0
None Remote Low Not required Complete Complete Complete
Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462.
581 CVE-2016-8458 264 Exec Code 2017-01-12 2017-01-23
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31968442.
582 CVE-2016-8457 264 Exec Code 2017-01-12 2017-01-23
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219453. References: B-RB#106116.
583 CVE-2016-8456 264 Exec Code 2017-01-12 2017-01-23
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219255. References: B-RB#105580.
584 CVE-2016-8455 264 Exec Code 2017-01-12 2017-01-23
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32219121. References: B-RB#106311.
585 CVE-2016-8454 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32174590. References: B-RB#107142.
586 CVE-2016-8453 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-24739315. References: B-RB#73392.
587 CVE-2016-8452 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32506396. References: QC-CR#1050323.
588 CVE-2016-8451 264 Exec Code 2017-01-12 2017-01-18
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.4. Android ID: A-32178033.
589 CVE-2016-8450 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32450563. References: QC-CR#880388.
590 CVE-2016-8449 264 Exec Code 2017-01-12 2017-10-18
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31798848. References: N-CVE-2016-8449.
591 CVE-2016-8448 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31791148. References: MT-ALPS02982181.
592 CVE-2016-8447 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31749463. References: MT-ALPS02968886.
593 CVE-2016-8446 264 Exec Code 2017-01-12 2017-01-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747749. References: MT-ALPS02968909.
594 CVE-2016-8445 264 Exec Code 2017-01-12 2017-01-23
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747590. References: MT-ALPS02968983.
595 CVE-2016-8444 284 Exec Code 2017-01-12 2017-01-23
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31243641. References: QC-CR#1074310.
596 CVE-2016-8443 285 2017-01-12 2017-01-23
7.2
None Local Low Not required Complete Complete Complete
Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185.
597 CVE-2016-8442 20 2017-01-12 2017-01-23
7.2
None Local Low Not required Complete Complete Complete
Possible unauthorized memory access in the hypervisor. Lack of input validation could allow hypervisor memory to be accessed by the HLOS. Product: Android. Versions: Kernel 3.18. Android ID: A-31625910. QC-CR#1038173.
598 CVE-2016-8441 119 Overflow 2017-01-12 2017-01-23
7.2
None Local Low Not required Complete Complete Complete
Possible buffer overflow in the hypervisor. Inappropriate usage of a static array could lead to a buffer overrun. Product: Android. Versions: Kernel 3.18. Android ID: A-31625904. References: QC-CR#1027769.
599 CVE-2016-8440 119 Overflow 2017-01-12 2017-01-23
10.0
None Remote Low Not required Complete Complete Complete
Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747.
600 CVE-2016-8439 119 Overflow 2017-01-12 2017-01-17
10.0
None Remote Low Not required Complete Complete Complete
Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804.
Total number of vulnerabilities : 1085   Page : 1 2 3 4 5 6 7 8 9 10 11 12 (This Page)13 14 15 16 17 18 19 20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.