CVE-2016-7102
ownCloud Desktop before 2.2.3 allows local users to execute arbitrary and possibly gain privileges via a Trojan library in a "special path" in the C: drive.
Source: CVE-2016-7102
[월:] 2017년 01월
CVE-2016-9382
CVE-2016-9382
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.
Source: CVE-2016-9382
CVE-2016-7037
CVE-2016-7037
The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack.
Source: CVE-2016-7037
CVE-2016-9380
CVE-2016-9380
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
Source: CVE-2016-9380
CVE-2016-7036
CVE-2016-7036
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.
Source: CVE-2016-7036
CVE-2016-9081
CVE-2016-9081
Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
Source: CVE-2016-9081
CVE-2016-6920
CVE-2016-6920
Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.
Source: CVE-2016-6920
CVE-2016-7792
CVE-2016-7792
Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it.
Source: CVE-2016-7792
CVE-2016-6668
CVE-2016-6668
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.
Source: CVE-2016-6668
CVE-2016-6603
CVE-2016-6603
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.
Source: CVE-2016-6603