Vulnerability Summary for the Week of February 27, 2017
Released
Mar 06, 2017
Document ID
SB17-065
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| atheme -- atheme | Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8. | 2017-03-02 | 7.8 | CVE-2017-6384 CONFIRM CONFIRM |
| dropbear_ssh_project -- dropbear_ssh | Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument. | 2017-03-03 | 10.0 | CVE-2016-7406 MLIST BID CONFIRM CONFIRM GENTOO |
| dropbear_ssh_project -- dropbear_ssh | The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. | 2017-03-03 | 10.0 | CVE-2016-7407 MLIST BID CONFIRM CONFIRM GENTOO |
| fedoraproject -- fedora | Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. | 2017-02-28 | 7.5 | CVE-2017-5885 MLIST MLIST BID CONFIRM CONFIRM FEDORA |
| iceni -- argus | An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In most cases this will allow an aggressor to write outside the bounds of a stack buffer which is used to contain colors. This can lead to code execution under the context of the account running the tool. | 2017-02-27 | 9.3 | CVE-2016-8385 BID MISC |
| iceni -- argus | An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signedness issue, a buffer smaller than the requested size will be returned. Later when the tool tries to populate this buffer, the overflow will occur which can lead to code execution under the context of the user running the tool. | 2017-02-27 | 9.3 | CVE-2016-8386 BID MISC |
| iceni -- argus | An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to code execution under the context of the account of the user running it. | 2017-02-27 | 9.3 | CVE-2016-8387 BID MISC |
| iceni -- argus | An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of objects. | 2017-02-28 | 9.3 | CVE-2016-8388 BID MISC |
| iceni -- argus | An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the application attempts to iterate through the rows and initializing the polygon shape in the buffer, it will write outside of the bounds of said buffer. This can lead to code execution under the context of the account running it. | 2017-02-28 | 9.3 | CVE-2016-8389 BID MISC |
| justsystems -- ichitaro | When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application. | 2017-02-24 | 7.5 | CVE-2017-2789 BID MISC |
| justsystems -- ichitaro | When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to code execution under the context of the application. | 2017-02-24 | 7.5 | CVE-2017-2790 BID MISC |
| libdwarf_project -- libdwarf | (1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow." | 2017-02-28 | 7.5 | CVE-2016-9558 MLIST MLIST BID MISC CONFIRM CONFIRM |
| linux -- linux_kernel | The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission. | 2017-03-01 | 7.2 | CVE-2017-6347 CONFIRM CONFIRM MLIST BID CONFIRM CONFIRM |
| microsoft -- internet_explorer | Microsoft Internet Explorer 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element. | 2017-02-26 | 7.6 | CVE-2017-0037 BID MISC |
| plone -- plone | Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors. | 2017-02-24 | 7.5 | CVE-2016-4041 MLIST CONFIRM |
| revive-adserver -- revive_adserver | Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts. | 2017-03-03 | 7.5 | CVE-2017-5830 MLIST CONFIRM |
| rubyzip -- rubyzip | The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem. | 2017-02-27 | 7.5 | CVE-2017-5946 BID CONFIRM CONFIRM |
| veritas -- netbackup_appliance | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur. | 2017-03-02 | 7.2 | CVE-2017-6399 CONFIRM |
| veritas -- netbackup_appliance | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system). | 2017-03-02 | 7.2 | CVE-2017-6400 CONFIRM |
| veritas -- netbackup_appliance | An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password. | 2017-03-02 | 7.5 | CVE-2017-6403 CONFIRM |
| veritas -- netbackup_appliance | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur. | 2017-03-02 | 7.2 | CVE-2017-6406 CONFIRM |
| veritas -- netbackup_appliance | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur. | 2017-03-02 | 7.2 | CVE-2017-6407 CONFIRM |
| veritas -- netbackup_appliance | An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access. | 2017-03-02 | 7.5 | CVE-2017-6409 CONFIRM |
| vim -- vim | An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. | 2017-02-27 | 7.5 | CVE-2017-6349 BID MISC MISC MISC |
| vim -- vim | An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. | 2017-02-27 | 7.5 | CVE-2017-6350 BID MISC MISC MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco -- netflow_generation_appliance_software | A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition. The vulnerability is due to incomplete validation of SCTP packets being monitored on the NGA data ports. An attacker could exploit this vulnerability by sending malformed SCTP packets on a network that is monitored by an NGA data port. SCTP packets addressed to the IP address of the NGA itself will not trigger this vulnerability. An exploit could allow the attacker to cause the appliance to become unresponsive or reload, causing a DoS condition. User interaction could be needed to recover the device using the reboot command from the CLI. The following Cisco NetFlow Generation Appliances are vulnerable: NGA 3140, NGA 3240, NGA 3340. Cisco Bug IDs: CSCvc83320. | 2017-03-01 | 5.0 | CVE-2017-3826 BID CONFIRM |
| dropbear_ssh_project -- dropbear_ssh | The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument. | 2017-03-03 | 6.5 | CVE-2016-7408 MLIST BID CONFIRM CONFIRM GENTOO |
| fedoraproject -- fedora | Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. | 2017-03-03 | 5.0 | CVE-2016-7970 MLIST BID CONFIRM CONFIRM CONFIRM FEDORA FEDORA FEDORA GENTOO |
| fedoraproject -- fedora | gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. | 2017-02-28 | 6.8 | CVE-2017-5884 MLIST MLIST BID CONFIRM CONFIRM FEDORA |
| gnu -- glibc | The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. | 2017-03-01 | 4.3 | CVE-2016-10228 CONFIRM BID CONFIRM |
| gnu -- libiberty | Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. | 2017-02-24 | 6.8 | CVE-2016-2226 MLIST CONFIRM |
| gnu -- libiberty | Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec." | 2017-02-24 | 4.3 | CVE-2016-4487 MLIST CONFIRM |
| gnu -- libiberty | Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec." | 2017-02-24 | 4.3 | CVE-2016-4488 MLIST CONFIRM |
| gnu -- libiberty | Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of virtual tables." | 2017-02-24 | 4.3 | CVE-2016-4489 MLIST CONFIRM |
| gnu -- libiberty | Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths. | 2017-02-24 | 4.3 | CVE-2016-4490 MLIST CONFIRM |
| gnu -- libiberty | The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once." | 2017-02-24 | 4.3 | CVE-2016-4491 MLIST CONFIRM MLIST |
| gnu -- libiberty | Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary. | 2017-02-24 | 4.3 | CVE-2016-4492 MLIST CONFIRM MLIST |
| gnu -- libiberty | The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary. | 2017-02-24 | 4.3 | CVE-2016-4493 MLIST CONFIRM MLIST |
| grails -- pdf_plugin | XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document. | 2017-02-27 | 4.3 | CVE-2017-6344 BID MISC |
| graphicsmagick -- graphicsmagick | The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file. | 2017-02-27 | 4.3 | CVE-2016-5240 CONFIRM CONFIRM MLIST MLIST MLIST BID |
| hashover_project -- hashover | An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'hashover/scripts/widget-output.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-02 | 4.3 | CVE-2017-6395 CONFIRM |
| hesiod_project -- hesiod | The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary. | 2017-03-01 | 6.9 | CVE-2016-10151 MLIST BID CONFIRM CONFIRM |
| ibm -- dashboard_application_services_hub | IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714. | 2017-02-24 | 6.8 | CVE-2016-9975 CONFIRM BID |
| ibm -- kenexa_lcms_premier | IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | 2017-03-01 | 6.5 | CVE-2016-9992 CONFIRM |
| ibm -- kenexa_lcms_premier | IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. | 2017-03-01 | 6.5 | CVE-2016-9993 CONFIRM |
| ibm -- kenexa_lcms_premier | IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805. | 2017-03-01 | 6.5 | CVE-2016-9994 CONFIRM |
| ibm -- tivoli_storage_manager | IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747. | 2017-02-24 | 6.0 | CVE-2016-8998 CONFIRM BID |
| ibm -- websphere_mq | IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647. | 2017-02-24 | 4.0 | CVE-2016-9009 CONFIRM BID |
| iceni -- argus | An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A specially crafted PDF file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious PDF file to trigger this vulnerability. | 2017-02-28 | 6.8 | CVE-2016-8715 BID MISC |
| imagemagick -- imagemagick | The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file. | 2017-02-27 | 4.3 | CVE-2015-8900 CONFIRM CONFIRM CONFIRM MLIST MLIST CONFIRM CONFIRM |
| imagemagick -- imagemagick | ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. | 2017-02-27 | 4.3 | CVE-2015-8901 CONFIRM CONFIRM MLIST MLIST CONFIRM |
| imagemagick -- imagemagick | The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file. | 2017-02-27 | 4.3 | CVE-2015-8902 CONFIRM CONFIRM MLIST MLIST CONFIRM |
| imagemagick -- imagemagick | The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file. | 2017-02-27 | 4.3 | CVE-2015-8903 CONFIRM CONFIRM MLIST MLIST CONFIRM |
| imagemagick -- imagemagick | The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file. | 2017-03-03 | 4.3 | CVE-2016-10061 MLIST BID CONFIRM CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or other unspecified impact via a crafted file. | 2017-03-03 | 6.8 | CVE-2016-10065 SUSE MLIST BID CONFIRM CONFIRM MISC |
| imagemagick -- imagemagick | Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2017-03-03 | 4.3 | CVE-2016-10066 MLIST BID CONFIRM CONFIRM |
| imagemagick -- imagemagick | Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. | 2017-03-03 | 4.3 | CVE-2016-10070 SUSE SUSE MLIST BID MISC CONFIRM CONFIRM |
| imagemagick -- imagemagick | coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image. | 2017-03-01 | 4.3 | CVE-2016-9559 MLIST MLIST BID MISC CONFIRM CONFIRM |
| intel -- celeron_n2840 | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. | 2017-02-27 | 5.0 | CVE-2017-5925 MISC BID MISC |
| intel -- celeron_n2840 | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. | 2017-02-27 | 5.0 | CVE-2017-5926 MISC BID MISC |
| intel -- celeron_n2840 | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. | 2017-02-27 | 5.0 | CVE-2017-5927 MISC BID MISC |
| intel -- x710_series_driver | Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations. | 2017-02-27 | 6.1 | CVE-2016-8105 BID CONFIRM |
| jasper_project -- jasper | libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | 2017-03-01 | 4.3 | CVE-2017-5498 BID MISC |
| jasper_project -- jasper | Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-03-01 | 4.3 | CVE-2017-5499 BID MISC |
| jasper_project -- jasper | libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | 2017-03-01 | 4.3 | CVE-2017-5500 BID MISC |
| jasper_project -- jasper | Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-03-01 | 4.3 | CVE-2017-5501 BID MISC |
| jasper_project -- jasper | libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | 2017-03-01 | 4.3 | CVE-2017-5502 BID MISC |
| jasper_project -- jasper | The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image. | 2017-03-01 | 4.3 | CVE-2017-5503 MLIST MLIST BID MISC |
| jasper_project -- jasper | The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. | 2017-03-01 | 4.3 | CVE-2017-5504 BID MISC |
| justsystems -- ichitaro | JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in a pointer calculation for reading file data into. Due to this, the application will read data from the file into an invalid address thus corrupting memory. Under the right conditions, this can lead to code execution under the context of the application. | 2017-02-24 | 6.8 | CVE-2017-2791 BID MISC |
| kaltura -- kaltura_server | An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "admin_console/web/tools/SimpleJWPlayer.php" URL, the "admin_console/web/tools/AkamaiBroadcaster.php" URL, the "admin_console/web/tools/bigRedButton.php" URL, and the "admin_console/web/tools/bigRedButtonPtsPoc.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-02 | 4.3 | CVE-2017-6391 CONFIRM CONFIRM |
| kaltura -- kaltura_server | An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-02 | 4.3 | CVE-2017-6392 CONFIRM CONFIRM |
| kde -- kdelibs | kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file. | 2017-03-02 | 4.3 | CVE-2017-6410 CONFIRM |
| kodi -- kodi | Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd. | 2017-02-28 | 5.0 | CVE-2017-5982 MISC FULLDISC BID EXPLOIT-DB |
| lenovo -- xclarity_administrator | Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. | 2017-03-01 | 5.0 | CVE-2016-8233 BID CONFIRM |
| libav -- libav | libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | 2017-03-01 | 4.3 | CVE-2016-9819 BID MISC |
| libav -- libav | libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | 2017-03-01 | 4.3 | CVE-2016-9820 BID MISC |
| libav -- libav | Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-03-01 | 4.3 | CVE-2016-9821 BID MISC |
| libav -- libav | Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-03-01 | 4.3 | CVE-2016-9822 BID MISC |
| libav -- libav | libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-03-01 | 4.3 | CVE-2016-9823 BID MISC |
| libav -- libav | Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-03-01 | 4.3 | CVE-2016-9824 BID MISC |
| libav -- libav | libswscale/utils.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | 2017-03-01 | 4.3 | CVE-2016-9825 BID MISC |
| libav -- libav | libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | 2017-03-01 | 4.3 | CVE-2016-9826 BID MISC |
| libdwarf_project -- libdwarf | dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file. | 2017-02-24 | 4.3 | CVE-2016-5027 MLIST MLIST CONFIRM |
| libimobiledevice -- libplist | The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file. | 2017-03-03 | 4.3 | CVE-2017-5834 MLIST MLIST CONFIRM |
| libimobiledevice -- libplist | libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. | 2017-03-03 | 5.0 | CVE-2017-5835 MLIST MLIST CONFIRM |
| libimobiledevice -- libplist | The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free. | 2017-03-03 | 5.0 | CVE-2017-5836 MLIST MLIST CONFIRM |
| libmp3splt_project -- libmp3splt | The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | 2017-03-01 | 4.3 | CVE-2017-5665 BID MISC |
| libtiff -- libtiff | Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. | 2017-03-01 | 6.8 | CVE-2016-10092 CONFIRM CONFIRM MLIST MLIST BID MISC CONFIRM |
| libtiff -- libtiff | Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow. | 2017-03-01 | 6.8 | CVE-2016-10093 CONFIRM MLIST MLIST BID MISC CONFIRM |
| libtiff -- libtiff | Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. | 2017-03-01 | 6.8 | CVE-2016-10094 CONFIRM MLIST MLIST BID MISC CONFIRM |
| libtiff -- libtiff | Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. | 2017-03-01 | 4.3 | CVE-2016-10095 CONFIRM MLIST MLIST BID MISC |
| linux -- linux_kernel | The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls. | 2017-03-01 | 4.6 | CVE-2017-6345 CONFIRM CONFIRM MLIST BID CONFIRM |
| linux -- linux_kernel | Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls. | 2017-03-01 | 6.9 | CVE-2017-6346 CONFIRM CONFIRM MLIST BID CONFIRM |
| linux -- linux_kernel | The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices. | 2017-03-01 | 4.9 | CVE-2017-6348 CONFIRM CONFIRM MLIST BID CONFIRM |
| linux -- linux_kernel | net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986. | 2017-03-01 | 4.9 | CVE-2017-6353 CONFIRM MLIST BID CONFIRM |
| mp3splt_project -- mp3splt | The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file. | 2017-03-01 | 4.3 | CVE-2017-5666 BID MISC |
| mp3splt_project -- mp3splt | The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | 2017-03-01 | 4.3 | CVE-2017-5851 BID MISC |
| nagvis -- nagvis | An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/std_table.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-02 | 4.3 | CVE-2017-6393 CONFIRM |
| openemr -- openemr | An issue was discovered in OpenEMR 5.0.1-dev. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "openemr-master/gacl/admin/object_search.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-02 | 4.3 | CVE-2017-6394 MISC |
| opensuse_project -- opensuse | The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." | 2017-03-03 | 5.0 | CVE-2016-7969 SUSE MLIST BID CONFIRM CONFIRM CONFIRM FEDORA FEDORA FEDORA GENTOO |
| opensuse_project -- opensuse | The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. | 2017-03-03 | 5.0 | CVE-2016-7972 SUSE MLIST BID CONFIRM CONFIRM CONFIRM FEDORA FEDORA FEDORA GENTOO |
| opensuse_project -- opensuse | The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. | 2017-03-01 | 4.3 | CVE-2016-9830 CONFIRM SUSE DEBIAN MLIST BID MISC CONFIRM |
| pingidentity -- mod_auth_openidc | The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. | 2017-03-02 | 5.0 | CVE-2017-6062 CONFIRM CONFIRM CONFIRM |
| pingidentity -- mod_auth_openidc | The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. | 2017-03-02 | 5.0 | CVE-2017-6413 CONFIRM CONFIRM CONFIRM |
| plone -- plone | Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors. | 2017-02-24 | 5.0 | CVE-2016-4042 MLIST CONFIRM |
| podofo_project -- podofo | The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file. | 2017-03-01 | 4.3 | CVE-2017-5852 MLIST MLIST MISC |
| podofo_project -- podofo | Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. | 2017-03-01 | 6.8 | CVE-2017-5853 BID MISC |
| podofo_project -- podofo | base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | 2017-03-01 | 4.3 | CVE-2017-5854 MLIST MLIST BID MISC |
| podofo_project -- podofo | The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | 2017-03-01 | 4.3 | CVE-2017-5855 BID MISC |
| podofo_project -- podofo | Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. | 2017-03-01 | 6.8 | CVE-2017-5886 BID MISC |
| radare -- radare2 | The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file. | 2017-03-01 | 6.8 | CVE-2017-6319 BID CONFIRM CONFIRM |
| radare -- radare2 | The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file. | 2017-03-01 | 4.3 | CVE-2017-6387 BID CONFIRM CONFIRM |
| radare -- radare2 | The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file. | 2017-03-01 | 4.3 | CVE-2017-6415 BID CONFIRM CONFIRM |
| revive-adserver -- revive_adserver | Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. | 2017-03-03 | 5.5 | CVE-2017-5831 MLIST CONFIRM |
| revive-adserver -- revive_adserver | Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2017-03-03 | 4.3 | CVE-2017-5833 MLIST CONFIRM |
| siemens -- ruggedcom_network_management_software | A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions. | 2017-02-27 | 4.3 | CVE-2017-2683 BID CONFIRM |
| soruly -- whatanime.ga | An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "whatanime.ga-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-02 | 4.3 | CVE-2017-6390 CONFIRM CONFIRM |
| tigervnc -- tigervnc | The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early. | 2017-02-28 | 5.0 | CVE-2016-10207 SUSE MLIST MLIST BID CONFIRM CONFIRM |
| tigervnc -- tigervnc | Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries. | 2017-02-28 | 6.8 | CVE-2017-5581 MLIST MLIST BID CONFIRM CONFIRM CONFIRM |
| veritas -- netbackup_appliance | An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat. | 2017-03-02 | 4.6 | CVE-2017-6401 CONFIRM |
| veritas -- netbackup_appliance | An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur. | 2017-03-02 | 4.0 | CVE-2017-6402 CONFIRM |
| veritas -- netbackup_appliance | An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing. | 2017-03-02 | 5.0 | CVE-2017-6405 CONFIRM |
| veritas -- netbackup_appliance | An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured. | 2017-03-02 | 4.4 | CVE-2017-6408 CONFIRM |
| webpagetest_project -- webpagetest | An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-02 | 4.3 | CVE-2017-6396 CONFIRM |
| xen -- xen | Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. | 2017-02-27 | 4.9 | CVE-2016-9815 MLIST MLIST BID CONFIRM CONFIRM |
| xen -- xen | Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2. | 2017-02-27 | 4.9 | CVE-2016-9816 MLIST MLIST BID CONFIRM CONFIRM |
| xen -- xen | Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. | 2017-02-27 | 4.9 | CVE-2016-9817 MLIST MLIST BID CONFIRM CONFIRM CONFIRM |
| xen -- xen | Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP. | 2017-02-27 | 4.9 | CVE-2016-9818 MLIST MLIST BID CONFIRM CONFIRM |
| yandex -- yandex_browser | Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site. | 2017-03-01 | 4.3 | CVE-2016-8507 BID CONFIRM |
| yandex -- yandex_browser | Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site. | 2017-03-01 | 4.3 | CVE-2016-8508 BID CONFIRM |
| ysurac -- flightairmap | An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several *-sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-02 | 4.3 | CVE-2017-6397 CONFIRM |
| zziplib_project -- zziplib | Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. | 2017-03-01 | 4.3 | CVE-2017-5974 MLIST MISC |
| zziplib_project -- zziplib | Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. | 2017-03-01 | 4.3 | CVE-2017-5975 MLIST MISC |
| zziplib_project -- zziplib | Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. | 2017-03-01 | 4.3 | CVE-2017-5976 MLIST MISC |
| zziplib_project -- zziplib | The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file. | 2017-03-01 | 4.3 | CVE-2017-5977 MLIST MISC |
| zziplib_project -- zziplib | The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file. | 2017-03-01 | 4.3 | CVE-2017-5978 MISC |
| zziplib_project -- zziplib | The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. | 2017-03-01 | 4.3 | CVE-2017-5979 MISC |
| zziplib_project -- zziplib | The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. | 2017-03-01 | 4.3 | CVE-2017-5980 MISC |
| zziplib_project -- zziplib | seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file. | 2017-03-01 | 4.3 | CVE-2017-5981 MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| dropbear_ssh_project -- dropbear_ssh | The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident. | 2017-03-03 | 2.1 | CVE-2016-7409 MLIST BID CONFIRM CONFIRM GENTOO |
| ibm -- connections | IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294. | 2017-03-01 | 3.5 | CVE-2016-5932 CONFIRM BID |
| ibm -- qradar_security_information_and_event_manager | IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341. | 2017-03-01 | 2.1 | CVE-2016-2879 CONFIRM BID |
| ibm -- qradar_security_information_and_event_manager | IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340. | 2017-03-01 | 2.1 | CVE-2016-2880 CONFIRM |
| plone -- plone | Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates. | 2017-02-24 | 3.5 | CVE-2016-4043 MLIST CONFIRM |
| qemu -- qemu | The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0. | 2017-02-27 | 2.1 | CVE-2016-10028 CONFIRM MLIST MLIST BID SECTRACK MLIST |
| qemu -- qemu | The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts. | 2017-02-27 | 2.1 | CVE-2016-10029 CONFIRM CONFIRM MLIST MLIST BID SECTRACK |
| revive-adserver -- revive_adserver | Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. | 2017-03-03 | 3.5 | CVE-2017-5832 MLIST CONFIRM |
| tenable -- log_correlation_engine | Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2017-02-28 | 3.5 | CVE-2016-9261 CONFIRM |
| tenable -- nessus | Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2017-02-28 | 3.5 | CVE-2016-9259 SECTRACK CONFIRM |
| veritas -- netbackup_appliance | An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data. | 2017-03-02 | 2.1 | CVE-2017-6404 CONFIRM |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- macos | The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root. | 2017-03-02 | not yet calculated | CVE-2016-9892 MISC FULLDISC CONFIRM BID |
| blackberry_limited -- blackberry | An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server. | 2017-03-03 | not yet calculated | CVE-2016-3127 CONFIRM |
| cgi -- cgi | Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file. | 2017-03-03 | not yet calculated | CVE-2017-5613 MLIST MISC |
| cgi -- cgi | Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter. | 2017-03-03 | not yet calculated | CVE-2017-5616 MLIST MISC |
| cgi -- cgi | cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location. | 2017-03-03 | not yet calculated | CVE-2017-5615 MLIST MISC |
| cgi -- cgi | Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. | 2017-03-03 | not yet calculated | CVE-2017-5614 MLIST MISC |
| citrix -- citrix_license_server | Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2017-03-03 | not yet calculated | CVE-2017-5571 CONFIRM |
| dahua -- dahua | The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117. | 2017-02-27 | not yet calculated | CVE-2017-6343 BID MISC |
| dahua -- dahua | An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically logs in as admin. This allows sniffing sensitive information identified in CVE-2017-6341 without prior knowledge of the password. This is a different vulnerability than CVE-2013-6117. | 2017-02-27 | not yet calculated | CVE-2017-6342 BID MISC |
| dahua -- dahua | Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117. | 2017-02-27 | not yet calculated | CVE-2017-6341 BID MISC MISC |
| ibm -- lenovo | Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. | 2017-03-03 | not yet calculated | CVE-2016-8236 CONFIRM |
| ibm -- lenovo | Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information. | 2017-03-01 | not yet calculated | CVE-2016-8232 BID XF CONFIRM |
| imagemagick -- imagemagick
| coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. | 2017-03-02 | not yet calculated | CVE-2016-10071 MLIST BID CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2017-03-02 | not yet calculated | CVE-2016-10060 MLIST BID CONFIRM CONFIRM CONFIRM |
| imagemagick -- imagemagick
| The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2017-03-02 | not yet calculated | CVE-2016-10062 MLIST BID CONFIRM CONFIRM |
| imagemagick -- imagemagick
| Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | 2017-03-02 | not yet calculated | CVE-2016-10064 SUSE MLIST BID CONFIRM CONFIRM |
| imagemagick -- imagemagick
| magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow. | 2017-03-02 | not yet calculated | CVE-2016-10067 MLIST BID CONFIRM CONFIRM |
| imagemagick -- imagemagick | The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. | 2017-03-02 | not yet calculated | CVE-2016-10068 SUSE SUSE MLIST BID CONFIRM CONFIRM MISC |
| imagemagick -- imagemagick
| Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity. | 2017-03-02 | not yet calculated | CVE-2016-10063 MLIST BID CONFIRM CONFIRM |
| imagemagick -- imagemagick
| coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. | 2017-03-02 | not yet calculated | CVE-2016-10069 SUSE MLIST BID CONFIRM CONFIRM |
| intel -- intel | Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges. | 2017-02-28 | not yet calculated | CVE-2017-5682 BID CONFIRM |
| irssi -- irssi | Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8. | 2017-03-03 | not yet calculated | CVE-2017-5196 MLIST CONFIRM |
| irssi -- irssi | Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]). | 2017-03-03 | not yet calculated | CVE-2017-5356 MLIST MLIST MISC CONFIRM |
| irssi -- irssi | The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file. | 2017-02-27 | not yet calculated | CVE-2016-7553 MLIST MLIST BID CONFIRM CONFIRM FEDORA |
| irssi -- irssi | Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code. | 2017-03-03 | not yet calculated | CVE-2017-5195 MLIST CONFIRM |
| irssi -- irssi | The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick. | 2017-03-03 | not yet calculated | CVE-2017-5193 MLIST CONFIRM |
| irssi -- irssi | Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message. | 2017-03-03 | not yet calculated | CVE-2017-5194 MLIST CONFIRM |
| magento -- magento | The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value. | 2017-03-01 | not yet calculated | CVE-2016-6485 MLIST MLIST |
| matrixssl -- matrixssl | TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message. | 2017-03-03 | not yet calculated | CVE-2016-6884 MLIST CONFIRM |
| matrixssl -- matrixssl | MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack. | 2017-03-03 | not yet calculated | CVE-2016-6882 MLIST MISC CONFIRM MISC |
| matrixssl -- matrixssl | MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack. | 2017-03-03 | not yet calculated | CVE-2016-6883 MLIST CONFIRM |
| mikrotik -- mikrotik | The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret. | 2017-02-27 | not yet calculated | CVE-2017-6297 BID MISC |
| netapp -- ontap | The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors. | 2017-03-01 | not yet calculated | CVE-2017-5995 BID CONFIRM |
| netapp -- ontap | NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry. | 2017-03-01 | not yet calculated | CVE-2016-5374 BID CONFIRM |
| owncloud -- owncloud_server | The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2017-03-03 | not yet calculated | CVE-2017-5866 CONFIRM |
| owncloud -- owncloud_server | The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts. | 2017-03-03 | not yet calculated | CVE-2017-5865 CONFIRM |
| owncloud -- owncloud_server | ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file. | 2017-03-03 | not yet calculated | CVE-2017-5867 CONFIRM |
| php -- php | An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode ("opcode" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database. | 2017-03-02 | not yet calculated | CVE-2015-8994 MISC MISC MISC MISC MISC MISC MISC |
| puppet_enterprise -- puppet | On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1. | 2017-03-03 | not yet calculated | CVE-2017-2290 CONFIRM |
| pysaml2 -- pysaml2 | PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | 2017-03-03 | not yet calculated | CVE-2016-10127 MLIST MISC MISC MISC MISC |
| rapid7 -- appspider_pro | Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 2017-03-02 | not yet calculated | CVE-2017-5233 CONFIRM |
| rapid7 -- insight_collector | Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 2017-03-02 | not yet calculated | CVE-2017-5234 CONFIRM |
| rapid7 -- metasploit | Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 2017-03-02 | not yet calculated | CVE-2017-5235 CONFIRM |
| rapid7 -- metasploit | All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. | 2017-03-02 | not yet calculated | CVE-2017-5228 CONFIRM |
| rapid7 -- metasploit
| All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. | 2017-03-02 | not yet calculated | CVE-2017-5231 CONFIRM |
| rapid7 -- metasploit | All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. | 2017-03-02 | not yet calculated | CVE-2017-5229 CONFIRM |
| rapid7 -- nexpose | All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 2017-03-02 | not yet calculated | CVE-2017-5232 CONFIRM |
| rapid7 -- nexpose | The Java keystore in all versions and editions of Rapid7 Nexpose is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk. | 2017-03-02 | not yet calculated | CVE-2017-5230 CONFIRM |
| ruby -- ruby | The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb. | 2017-03-03 | not yet calculated | CVE-2016-10193 MLIST MLIST CONFIRM |
| ruby -- ruby | The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb. | 2017-03-03 | not yet calculated | CVE-2016-10194 MLIST MLIST MISC |
| siemens -- ruggedcom | The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request. | 2017-02-27 | not yet calculated | CVE-2017-2682 BID CONFIRM |
| siemens -- sinumerkik | Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack. | 2017-03-01 | not yet calculated | CVE-2017-2685 BID CONFIRM |
| umbraco -- umbraco | Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file. | 2017-03-03 | not yet calculated | CVE-2015-8814 CONFIRM MLIST CONFIRM |
| umbraco -- umbraco | Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page. | 2017-03-03 | not yet calculated | CVE-2015-8815 CONFIRM MLIST |
| umbraco -- umbraco | The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter. | 2017-03-03 | not yet calculated | CVE-2015-8813 CONFIRM MLIST MLIST MLIST MLIST CONFIRM |
| w3c -- w3c | The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 protection mechanism in place, which makes it easier for remote attackers to conduct AnC attacks via crafted JavaScript code. | 2017-02-27 | not yet calculated | CVE-2017-5928 MISC MISC |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. | 2017-03-03 | not yet calculated | CVE-2017-6470 CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value. | 2017-03-03 | not yet calculated | CVE-2017-6472 CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets. | 2017-03-03 | not yet calculated | CVE-2017-6473 CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size. | 2017-03-03 | not yet calculated | CVE-2017-6467 CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. | 2017-03-03 | not yet calculated | CVE-2017-6468 CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes. | 2017-03-03 | not yet calculated | CVE-2017-6474 CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure. | 2017-03-03 | not yet calculated | CVE-2017-6469 CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length. | 2017-03-03 | not yet calculated | CVE-2017-6471 CONFIRM CONFIRM CONFIRM |
| wordpress -- wordpress | Persistent XSS in wordpress plugin rockhoist-badges v1.2.2. | 2017-03-02 | not yet calculated | CVE-2017-6102 MISC |
| wordpress -- wordpress | Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1. | 2017-03-02 | not yet calculated | CVE-2017-6103 MISC |
| wordpress -- wordpress | Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. | 2017-03-02 | not yet calculated | CVE-2017-6104 MISC |
| zoneminder -- zoneminder | Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. | 2017-03-03 | not yet calculated | CVE-2016-10201 MLIST MISC |
| zoneminder -- zoneminder | Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. | 2017-03-03 | not yet calculated | CVE-2016-10203 MLIST MISC |
| zoneminder -- zoneminder | SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. | 2017-03-03 | not yet calculated | CVE-2016-10204 MLIST MISC |
| zoneminder -- zoneminder | Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. | 2017-03-03 | not yet calculated | CVE-2016-10205 MLIST MISC |
| zoneminder -- zoneminder | Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php. | 2017-03-03 | not yet calculated | CVE-2016-10206 MLIST MISC |
| zoneminder -- zoneminder | Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php. | 2017-03-03 | not yet calculated | CVE-2016-10202 MLIST MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.