CVE-2016-2564
Published 2017-04-23
Priority: P427 · Severity: medium · CVSS 3.0 base score: 5.9
CVSS 3.0 vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS score: 1.27% (66.2nd percentile)
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| invisioncommunity | invision_power_board | <= 4.1.8.1 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| Red Hat (vendor) | — | 9.8 | CRITICAL | — |
GHSA (ghsa_unreviewed) · 2022-05-13
GHSA-w6pf-cx8p-259q: CVE-2016-2564 [MEDIUM] CWE-331
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation.
Red Hat (vendor_redhat) · 2016-02-18 · CVSS 9.8
CVE-2016-1629 [CRITICAL] chromium-browser: same-origin bypass in Blink and Sandbox escape in Chrome
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.
Red Hat (vendor_redhat) · 2016-02-09 · CVSS 8.8
CVE-2016-1627 [HIGH] chromium-browser: various fixes from internal audits
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js.
Red Hat (vendor_redhat) · 2016-02-09 · CVSS 8.8
CVE-2016-1623 [HIGH] chromium-browser: same-origin bypass in DOM
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.
Red Hat (vendor_redhat) · 2016-02-09 · CVSS 8.8
CVE-2016-1622 [HIGH] chromium-browser: same-origin bypass in Extensions
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
Red Hat (vendor_redhat) · 2016-02-09 · CVSS 6.3
CVE-2016-1628 [MEDIUM] CWE-125 chromium-browser: out-of-bounds read in PDFium
pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.
Red Hat (vendor_redhat) · 2016-02-09 · CVSS 4.3
CVE-2016-1625 [MEDIUM] chromium-browser: navigation bypass in Chrome Instant
The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc.
Red Hat (vendor_redhat) · 2016-02-09 · CVSS 4.3
CVE-2016-1626 [MEDIUM] chromium-browser: out-of-bounds read in PDFium
The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
Red Hat (vendor_redhat) · 2016-02-09 · CVSS 8.8
CVE-2016-1624 [HIGH] chromium-browser: buffer overflow in Brotli
Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression.
Red Hat (vendor_redhat) · 2016-01-24 · CVSS 9.8
CVE-2016-2051 [CRITICAL] chromium-browser: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17
Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Red Hat (vendor_redhat) · 2016-01-24 · CVSS 7.6
CVE-2016-2052 [HIGH] chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.
Package: harfbuzz (Red Hat Enterprise Linux 7) - Will not fix
Red Hat (vendor_redhat) · 2016-01-20 · CVSS 4.3
CVE-2016-1617 [MEDIUM] chromium-browser: various fixes from internal audits
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.
Red Hat (vendor_redhat) · 2016-01-20 · CVSS 4.3
CVE-2016-1616 [MEDIUM] chromium-browser: various fixes from internal audits
The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.
Red Hat (vendor_redhat) · 2016-01-20 · CVSS 7.6
CVE-2016-1612 [HIGH] CWE-704 chromium-browser: bad cast in V8
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.
Red Hat (vendor_redhat) · 2016-01-20 · CVSS 6.5
CVE-2016-1618 [MEDIUM] CWE-338 chromium-browser: weak random number generator in Blink
Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Red Hat (vendor_redhat) · 2016-01-20 · CVSS 8.8
CVE-2016-1620 [HIGH] chromium-browser: various fixes from internal audits
Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Red Hat (vendor_redhat) · 2016-01-20 · CVSS 7.6
CVE-2016-1619 [HIGH] CWE-125 chromium-browser: out-of-bounds read in PDFium
Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.
Red Hat (vendor_redhat) · 2016-01-20 · CVSS 7.6
CVE-2016-1613 [HIGH] CWE-416 chromium-browser: use-after-free in PDFium
Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.
Red Hat (vendor_redhat) · 2016-01-20 · CVSS 6.5
CVE-2016-1615 [MEDIUM] chromium-browser: origin confusion in Omnibox
The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.
Red Hat (vendor_redhat) · 2016-01-20 · CVSS 4.3
CVE-2016-1614 [MEDIUM] CWE-200 chromium-browser: information leak in Blink
The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
No detection rules found.
No public exploits indexed.
References:
https://invisionpower.com/release-notes/419-r37/
https://medium.com/%40iancarroll/bypassing-authentication-in-invision-power-board-with-cve-2016-2564-9a24ea3655f9