CVE-2016-6853
Published 2016-12-15
Priority: P3 38, medium, 6.1 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Exploit: available (see references)
EPSS: 2.44% (82.3rd percentile)
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites, users might get lured into a phishing scheme. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-xchange | ox_guard | <= 2.4.2 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 7.5 | HIGH | — |
GHSA
GHSA-6jmc-wgh2-9jr6 · ghsa_unreviewed · 2022-05-14
CVE-2016-6853 [MEDIUM] CWE-79
Description: same text as the CVE entry above.
Red Hat
CVE-2016-9279 [HIGH] CWE-416: kernel: Use After Free in /dev/fimg2d
vendor_redhat · 2016-11-09 · CVSS 7.5
Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. The Samsung ID is SVE-2016-6853.
Note: this Red Hat entry tracks CVE-2016-9279 (Samsung ID SVE-2016-6853), a different issue from CVE-2016-6853; the Red Hat 7.5 HIGH score listed above under CVSS provenance belongs to it.
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: realtime-kernel (Red Hat Enterprise MRG 2) - Not affected
No detection rules found.
No writeups or analysis indexed.
References
http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.html
http://www.securityfocus.com/archive/1/539395/100/0/threaded
http://www.securityfocus.com/bid/92920
https://www.exploit-db.com/exploits/40377/