CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
701 CVE-2016-7980 352 Exec Code CSRF 2017-01-18 2017-05-23
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
702 CVE-2016-7975 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().
703 CVE-2016-7974 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.
704 CVE-2016-7973 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.
705 CVE-2016-7940 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.
706 CVE-2016-7939 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.
707 CVE-2016-7938 190 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().
708 CVE-2016-7937 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().
709 CVE-2016-7936 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().
710 CVE-2016-7935 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print().
711 CVE-2016-7934 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().
712 CVE-2016-7933 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().
713 CVE-2016-7932 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().
714 CVE-2016-7931 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().
715 CVE-2016-7930 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().
716 CVE-2016-7929 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().
717 CVE-2016-7928 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().
718 CVE-2016-7927 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print().
719 CVE-2016-7926 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().
720 CVE-2016-7925 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().
721 CVE-2016-7924 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print().
722 CVE-2016-7923 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print().
723 CVE-2016-7922 119 Overflow 2017-01-27 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().
724 CVE-2016-7906 416 DoS 2017-01-18 2017-11-03
4.3
None Remote Medium Not required None None Partial
magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.
725 CVE-2016-7904 352 CSRF 2017-01-16 2017-01-27
6.0
None Remote Medium Single system Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.
726 CVE-2016-7903 264 2017-01-04 2017-01-06
4.3
None Remote Medium Not required None Partial None
Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.
727 CVE-2016-7902 434 Exec Code 2017-01-04 2017-01-06
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20.
728 CVE-2016-7799 125 DoS 2017-01-18 2017-11-03
4.3
None Remote Medium Not required None None Partial
MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
729 CVE-2016-7798 310 Bypass 2017-01-30 2018-07-14
5.0
None Remote Low Not required Partial None None
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
730 CVE-2016-7794 284 Exec Code 2017-01-19 2017-01-20
7.5
None Remote Low Not required Partial Partial Partial
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name.
731 CVE-2016-7793 284 Exec Code 2017-01-19 2017-01-20
6.8
None Remote Medium Not required Partial Partial Partial
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL.
732 CVE-2016-7792 284 2017-01-23 2017-01-25
8.3
None Local Network Low Not required Complete Complete Complete
Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it.
733 CVE-2016-7791 20 Exec Code 2017-01-12 2017-01-13
7.5
None Remote Low Not required Partial Partial Partial
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code execution.
734 CVE-2016-7790 20 Exec Code 2017-01-12 2017-01-13
7.5
None Remote Low Not required Partial Partial Partial
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.
735 CVE-2016-7569 22 Dir. Trav. 2017-01-27 2017-02-05
4.3
None Remote Medium Not required None Partial None
Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image.
736 CVE-2016-7567 119 Overflow 2017-01-23 2018-11-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.
737 CVE-2016-7564 119 DoS Overflow 2017-01-18 2017-01-20
5.0
None Remote Low Not required None None Partial
Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input.
738 CVE-2016-7563 125 DoS 2017-01-18 2017-01-20
5.0
None Remote Low Not required None None Partial
The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input.
739 CVE-2016-7545 284 Exec Code 2017-01-19 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
740 CVE-2016-7544 399 2017-01-30 2017-02-07
5.0
None Remote Low Not required None None Partial
Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.
741 CVE-2016-7543 20 Exec Code 2017-01-19 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
742 CVE-2016-7480 119 DoS Exec Code Overflow 2017-01-11 2018-01-13
7.5
None Remote Low Not required Partial Partial Partial
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
743 CVE-2016-7479 416 Exec Code 2017-01-11 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
744 CVE-2016-7478 DoS 2017-01-11 2018-01-13
5.0
None Remote Low Not required None None Partial
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
745 CVE-2016-7434 20 DoS 2017-01-13 2017-11-20
5.0
None Remote Low Not required None None Partial
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
746 CVE-2016-7433 682 2017-01-13 2018-01-04
5.0
None Remote Low Not required None None Partial
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
747 CVE-2016-7431 20 Bypass 2017-01-13 2018-11-08
5.0
None Remote Low Not required None Partial None
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
748 CVE-2016-7429 18 DoS 2017-01-13 2018-01-04
4.3
None Remote Medium Not required None None Partial
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
749 CVE-2016-7428 400 DoS 2017-01-13 2019-01-24
3.3
None Local Network Low Not required None None Partial
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
750 CVE-2016-7427 400 DoS 2017-01-13 2019-01-24
3.3
None Local Network Low Not required None None Partial
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
Total number of vulnerabilities : 1085   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 (This Page)16 17 18 19 20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.