LiveActive security incident?Get immediate response
CVE archive

December 2016

Browse CVE records published in December 2016, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 530 matching CVEs · Page 3 of 11.

Unknown · CVSS Not scored

CVE-2016-9858: An issue was discovered in phpMyAdmin.

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

Published Dec 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9851: An issue was discovered in phpMyAdmin.

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.

Published Dec 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9804: In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file.

In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

Published Dec 3, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9796: Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using...

Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server."

Published Dec 3, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9755: The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users...

The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c.

Published Dec 28, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9864: An issue was discovered in phpMyAdmin.

An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

Published Dec 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9838: An issue was discovered in components/com_users/models/registration.php in Joomla!

An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task.

Published Dec 16, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9836: The file scanning mechanism of JFilterInput::isFileSafe() in Joomla!

The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types.

Published Dec 5, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9853: An issue was discovered in phpMyAdmin.

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue.

Published Dec 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9849: An issue was discovered in phpMyAdmin.

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

Published Dec 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9857: An issue was discovered in phpMyAdmin.

An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

Published Dec 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9850: An issue was discovered in phpMyAdmin.

An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

Published Dec 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9862: An issue was discovered in phpMyAdmin.

An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected.

Published Dec 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9861: An issue was discovered in phpMyAdmin.

An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

Published Dec 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative value...

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.

Published Dec 28, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9848: An issue was discovered in phpMyAdmin.

An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

Published Dec 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9777: KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index,...

KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h.

Published Dec 28, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9776: QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable t...

QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS.

Published Dec 29, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9757: In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has...

In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user's browser context.

Published Dec 20, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9837: An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla!

An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request.

Published Dec 16, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 al...

Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.

Published Dec 28, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9638: In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit.

In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to elevate their privileges to root.

Published Dec 2, 2016 · Updated Aug 6, 2024