Vulnerability Summary for the Week of March 20, 2017
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
canonical -- ubuntu_linux | The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions." | 2017-03-20 | 7.5 | CVE-2014-9841 SUSE SUSE SUSE MLIST UBUNTU CONFIRM CONFIRM |
canonical -- ubuntu_linux | The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. | 2017-03-20 | 7.5 | CVE-2014-9843 SUSE SUSE SUSE MLIST UBUNTU CONFIRM CONFIRM |
canonical -- ubuntu_linux | Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. | 2017-03-20 | 7.5 | CVE-2014-9846 SUSE SUSE SUSE SUSE SUSE SUSE SUSE SUSE MLIST UBUNTU CONFIRM CONFIRM |
canonical -- ubuntu_linux | The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. | 2017-03-20 | 7.5 | CVE-2014-9847 SUSE SUSE SUSE SUSE SUSE SUSE MLIST UBUNTU CONFIRM CONFIRM |
cerberus -- cerberus_ftp_server | Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command. | 2017-03-17 | 7.5 | CVE-2017-6880 EXPLOIT-DB |
chef_manage_project -- chef_manage | The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code. This is fixed in 2.4.5. | 2017-03-17 | 7.5 | CVE-2017-7174 CONFIRM |
erlang -- erlang/otp | An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to. | 2017-03-18 | 7.5 | CVE-2016-10253 MISC |
gnu -- binutils | ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. | 2017-03-21 | 7.5 | CVE-2014-9939 MISC CONFIRM CONFIRM |
gnu -- screen | GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. | 2017-03-20 | 7.2 | CVE-2017-5618 CONFIRM CONFIRM CONFIRM MLIST BID MLIST |
ibm -- power_hardware_management_console | IBM Power Hardware Management Console (HMC) 3.3.2 and 4.1 could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459. | 2017-03-20 | 7.2 | CVE-2017-1134 CONFIRM BID |
ibm -- websphere_mq | IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672. | 2017-03-20 | 7.8 | CVE-2017-1145 CONFIRM BID |
imagemagick -- imagemagick | distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. | 2017-03-17 | 7.5 | CVE-2014-9852 SUSE SUSE SUSE MLIST CONFIRM CONFIRM |
imagemagick -- imagemagick | Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file. | 2017-03-23 | 7.1 | CVE-2016-10047 MLIST BID CONFIRM CONFIRM |
imagemagick -- imagemagick | Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file. | 2017-03-23 | 7.1 | CVE-2016-10058 MLIST BID CONFIRM CONFIRM |
juniper -- junos_space | Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication. | 2017-03-20 | 7.5 | CVE-2016-4926 BID CONFIRM |
juniper -- junos_space | Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. | 2017-03-20 | 9.0 | CVE-2016-4929 BID CONFIRM |
kinsey -- infor-lawson | Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData. | 2017-03-20 | 7.5 | CVE-2017-6550 MISC FULLDISC BID EXPLOIT-DB |
linux -- linux_kernel | The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. | 2017-03-20 | 7.2 | CVE-2017-7187 BID MISC MISC |
netiq -- access_governance_suite | A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator. | 2017-03-23 | 9.0 | CVE-2016-1597 CONFIRM |
netiq -- access_manager | iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials. | 2017-03-23 | 7.5 | CVE-2016-5757 CONFIRM |
oneplus -- oxygenos | An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal}' command, in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked. | 2017-03-19 | 7.2 | CVE-2017-5623 BID MISC |
openinfosecfoundation -- suricata | The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request. | 2017-03-20 | 7.5 | CVE-2015-8954 CONFIRM CONFIRM CONFIRM |
pluck-cms -- pluck | Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature. | 2017-03-17 | 7.5 | CVE-2014-8708 MISC MISC |
qdpm -- qdpm | Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. | 2017-03-17 | 7.5 | CVE-2015-3884 MISC MISC |
wondercms -- wondercms | Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme. | 2017-03-17 | 7.5 | CVE-2014-8704 MISC |
wondercms -- wondercms | PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter. | 2017-03-17 | 7.5 | CVE-2014-8705 MISC MISC |
xrdp -- xrdp | xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass. | 2017-03-17 | 7.5 | CVE-2017-6967 MISC MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- tomcat | The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own. | 2017-03-20 | 6.8 | CVE-2016-6816 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apng2gif_project -- apng2gif | An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable. | 2017-03-17 | 5.0 | CVE-2017-6960 MISC |
apng2gif_project -- apng2gif | An issue was discovered in apng2gif 1.7. There is improper sanitization of user input causing huge memory allocations, resulting in a crash. This is related to the read_chunk function using the pChunk->size value (within the PNG file) to determine the amount of memory to allocate. | 2017-03-17 | 4.3 | CVE-2017-6961 MISC |
apng2gif_project -- apng2gif | An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer overflow. This is related to the read_chunk function making an unchecked addition of 12. | 2017-03-17 | 5.0 | CVE-2017-6962 MISC |
artifex -- ghostscript | The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. | 2017-03-21 | 4.3 | CVE-2017-7207 CONFIRM BID CONFIRM |
audiofile -- audiofile | The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-03-20 | 4.3 | CVE-2017-6829 MLIST MISC MISC MISC |
audiofile -- audiofile | Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-03-20 | 4.3 | CVE-2017-6830 MLIST MISC MISC MISC |
audiofile -- audiofile | Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-03-20 | 4.3 | CVE-2017-6831 MLIST MISC MISC MISC |
audiofile -- audiofile | Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-03-20 | 4.3 | CVE-2017-6832 MLIST MISC MISC MISC |
audiofile -- audiofile | The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. | 2017-03-20 | 4.3 | CVE-2017-6833 MLIST MISC MISC MISC |
audiofile -- audiofile | Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-03-20 | 4.3 | CVE-2017-6834 MLIST MISC MISC MISC |
audiofile -- audiofile | The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. | 2017-03-20 | 4.3 | CVE-2017-6835 MLIST MISC MISC MISC |
audiofile -- audiofile | Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-03-20 | 4.3 | CVE-2017-6836 MLIST MISC MISC MISC |
audiofile -- audiofile | WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients. | 2017-03-20 | 4.3 | CVE-2017-6837 MLIST MISC MISC MISC |
audiofile -- audiofile | Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-03-20 | 4.3 | CVE-2017-6838 MLIST MISC MISC MISC |
audiofile -- audiofile | Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | 2017-03-20 | 4.3 | CVE-2017-6839 MLIST MISC MISC MISC |
buddypress -- buddypress_plugin | An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions. | 2017-03-17 | 4.0 | CVE-2017-6954 CONFIRM CONFIRM |
ca -- unified_infrastructure_management | The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors. | 2017-03-20 | 5.0 | CVE-2016-9165 BID MISC CONFIRM |
canonical -- ubuntu_linux | Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | 2017-03-20 | 5.0 | CVE-2014-9842 SUSE SUSE SUSE SUSE MLIST CONFIRM CONFIRM |
canonical -- ubuntu_linux | The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | 2017-03-20 | 4.3 | CVE-2014-9844 SUSE SUSE SUSE SUSE SUSE SUSE MLIST UBUNTU CONFIRM CONFIRM |
canonical -- ubuntu_linux | The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. | 2017-03-20 | 4.3 | CVE-2014-9845 SUSE SUSE SUSE SUSE SUSE SUSE SUSE SUSE MLIST UBUNTU CONFIRM CONFIRM |
canonical -- ubuntu_linux | Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). | 2017-03-20 | 5.0 | CVE-2014-9848 SUSE SUSE SUSE SUSE SUSE MLIST UBUNTU CONFIRM |
canonical -- ubuntu_linux | The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). | 2017-03-20 | 5.0 | CVE-2014-9849 SUSE SUSE SUSE SUSE MLIST UBUNTU CONFIRM |
canonical -- ubuntu_linux | Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). | 2017-03-20 | 5.0 | CVE-2014-9850 SUSE SUSE SUSE MLIST UBUNTU CONFIRM CONFIRM |
canonical -- ubuntu_linux | ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). | 2017-03-20 | 5.0 | CVE-2014-9851 SUSE SUSE SUSE SUSE MLIST UBUNTU CONFIRM CONFIRM |
cisco -- adaptive_security_appliance_software | A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic. More Information: CSCvc68229. Known Affected Releases: 9.6(2). Known Fixed Releases: 99.1(20.1) 99.1(10.2) 98.1(12.7) 98.1(1.49) 97.1(6.58) 97.1(0.134) 96.2(0.109) 9.7(1.1) 9.6(2.99) 9.6(2.8). | 2017-03-17 | 5.0 | CVE-2017-3867 BID CONFIRM |
cisco -- nx-os | An Access-Control Filtering Mechanisms Bypass vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attacker to bypass defined traffic configured within an access control list (ACL) on the affected system. More Information: CSCtz59354. Known Affected Releases: 5.2(4) 6.1(3)S5 6.1(3)S6 6.2(1.121)S0 7.2(1)D1(1) 7.3(0)ZN(0.161) 7.3(1)N1(0.1). Known Fixed Releases: 7.3(0)D1(1) 6.2(2) 6.1(5) 8.3(0)KMT(0.24) 8.3(0)CV(0.337) 7.3(1)N1(1) 7.3(0)ZN(0.210) 7.3(0)ZN(0.177) 7.3(0)ZD(0.194) 7.3(0)TSH(0.99) 7.3(0)SC(0.14) 7.3(0)RSP(0.7) 7.3(0)N1(1) 7.3(0)N1(0.193) 7.3(0)IZN(0.13) 7.3(0)IB(0.102) 7.3(0)GLF(0.44) 7.3(0)D1(0.178) 7.1(0)D1(0.14) 7.0(3)ITI2(1.6) 7.0(3)ISH1(2.13) 7.0(3)IFD6(0.78) 7.0(3)IFD6(0) 7.0(3)IDE6(0.12) 7.0(3)IDE6(0) 7.0(3)I2(1) 7.0(3)I2(0.315) 7.0(1)ZD(0.3) 7.0(0)ZD(0.84) 6.2(1.149)S0 6.2(0.285) 6.1(5.32)S0 6.1(4.97)S0 6.1(2.30)S0. | 2017-03-17 | 5.0 | CVE-2017-3875 BID CONFIRM |
cisco -- nx-os | A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user traffic flowing through the device. Affected Products: This vulnerability affects Cisco Nexus 9000 Series Switches that are running Cisco NX-OS Software and are configured to allow remote Telnet connections to the device. More Information: CSCux46778. Known Affected Releases: 7.0(3)I3(0.170). Known Fixed Releases: 7.0(3)I3(1) 7.0(3)I3(0.257) 7.0(3)I3(0.255) 7.0(3)I2(2e) 7.0(3)F1(1.22) 7.0(3)F1(1). | 2017-03-17 | 5.0 | CVE-2017-3878 BID CONFIRM |
cisco -- nx-os | A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user traffic flowing through the device. The attacker could use either a Telnet or an SSH client for the remote login attempt. Affected Products: This vulnerability affects Cisco Nexus 9000 Series Switches that are running Cisco NX-OS Software and are configured to allow remote Telnet connections to the device. More Information: CSCuy25824. Known Affected Releases: 7.0(3)I3(1) 8.3(0)CV(0.342) 8.3(0)CV(0.345). Known Fixed Releases: 8.3(0)CV(0.362) 8.0(1) 7.0(3)IED5(0.19) 7.0(3)IED5(0) 7.0(3)I4(1) 7.0(3)I4(0.8) 7.0(3)I2(2e) 7.0(3)F1(1.22) 7.0(3)F1(1) 7.0(3)F1(0.230). | 2017-03-17 | 5.0 | CVE-2017-3879 BID CONFIRM |
cisco -- prime_infrastructure | An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. More Information: CSCuy36192. Known Affected Releases: 3.1(1) 3.1(1). | 2017-03-17 | 5.5 | CVE-2017-3869 BID CONFIRM |
cisco -- prime_optical | A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The attacker must have valid credentials for the device. More Information: CSCvc65257. Known Affected Releases: 10.6(0.1). | 2017-03-17 | 4.0 | CVE-2017-3871 BID CONFIRM |
cisco -- prime_service_catalog | A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc79842 CSCvc79846 CSCvc79855 CSCvc79873 CSCvc79882 CSCvc79891. Known Affected Releases: 11.1.2. | 2017-03-17 | 4.3 | CVE-2017-3866 BID CONFIRM |
cisco -- telepresence_server_software | An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616. | 2017-03-17 | 5.0 | CVE-2017-3815 BID CONFIRM |
cisco -- unified_communications_manager | A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Information: CSCvc21620. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.641) 12.0(0.98000.500) 12.0(0.98000.219). | 2017-03-17 | 4.3 | CVE-2017-3872 BID CONFIRM |
cisco -- unified_communications_manager | A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected Releases: 11.5(1.11007.2). | 2017-03-17 | 4.3 | CVE-2017-3877 BID CONFIRM |
cisco -- unified_computing_system_director | A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc44344. Known Affected Releases: 6.0(0.0). | 2017-03-17 | 4.3 | CVE-2017-3868 BID CONFIRM |
cisco -- web_security_appliance | A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010. | 2017-03-17 | 5.0 | CVE-2017-3870 BID CONFIRM |
cisco -- webex_meetings_server | An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054. | 2017-03-17 | 4.0 | CVE-2017-3811 BID CONFIRM |
cisco -- webex_meetings_server | An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch T29_orion_merge. | 2017-03-17 | 6.4 | CVE-2017-3880 BID CONFIRM |
cloudflare-scrape_project -- cloudflare-scrape | An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0. | 2017-03-23 | 6.8 | CVE-2017-7235 CONFIRM CONFIRM |
d-link -- dir-600m_firmware | CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. | 2017-03-22 | 6.8 | CVE-2017-5874 CONFIRM BID |
debian -- debian_linux | The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. | 2017-03-23 | 4.3 | CVE-2016-9556 SUSE DEBIAN MLIST MLIST MLIST BID MISC CONFIRM CONFIRM |
deluge -- deluge | CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin. | 2017-03-18 | 6.8 | CVE-2017-7178 CONFIRM MISC MISC MISC BID CONFIRM |
fedoraproject -- fedora | Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. | 2017-03-17 | 4.3 | CVE-2015-4645 FEDORA FEDORA BID CONFIRM MISC GENTOO |
ffmpeg -- ffmpeg | Libavcodec in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code. | 2017-03-20 | 6.8 | CVE-2012-5361 BID XF MS CONFIRM |
gamepanelx -- gamepanelx-v3 | A Cross-Site Scripting (XSS) was discovered in GamePanelX-V3 3.0.12. The vulnerability exists due to insufficient filtration of user-supplied data (a) passed to the "GamePanelX-V3-master/ajax/ajax.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-21 | 4.3 | CVE-2017-7205 BID CONFIRM |
get-simple -- getsimple_cms | GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. | 2017-03-17 | 5.0 | CVE-2014-8722 MISC MISC |
get-simple -- getsimple_cms | GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message. | 2017-03-17 | 5.0 | CVE-2014-8723 MISC MISC |
git_project -- git | contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. | 2017-03-19 | 6.8 | CVE-2014-9938 CONFIRM MISC |
gnu -- binutils | readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. | 2017-03-17 | 4.3 | CVE-2017-6965 CONFIRM |
gnu -- binutils | readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations. | 2017-03-17 | 4.3 | CVE-2017-6966 CONFIRM |
gnu -- binutils | readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. | 2017-03-17 | 6.4 | CVE-2017-6969 CONFIRM |
gnu -- binutils | The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash. | 2017-03-21 | 4.3 | CVE-2017-7209 BID CONFIRM |
gnu -- binutils | objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash. | 2017-03-21 | 4.3 | CVE-2017-7210 BID CONFIRM |
gnu -- binutils | GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. | 2017-03-22 | 5.0 | CVE-2017-7223 CONFIRM |
gnu -- binutils | The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash. | 2017-03-22 | 4.3 | CVE-2017-7224 CONFIRM |
gnu -- binutils | The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. | 2017-03-22 | 5.0 | CVE-2017-7225 CONFIRM |
gnu -- binutils | The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well. | 2017-03-22 | 6.4 | CVE-2017-7226 CONFIRM |
gnu -- binutils | GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l. | 2017-03-22 | 5.0 | CVE-2017-7227 CONFIRM |
gnu -- glibc | Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. | 2017-03-20 | 6.8 | CVE-2015-8983 MLIST BID CONFIRM CONFIRM MLIST |
gnu -- glibc | The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read. | 2017-03-20 | 4.3 | CVE-2015-8984 MLIST MLIST BID CONFIRM CONFIRM MLIST |
gnu -- glibc | The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. | 2017-03-20 | 4.3 | CVE-2015-8985 MLIST BID CONFIRM |
google -- android | The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140. | 2017-03-20 | 6.9 | CVE-2016-5857 SECTRACK MISC |
huawei -- document_security_management | The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button. | 2017-03-20 | 4.0 | CVE-2016-2406 CONFIRM |
ibm -- algo_one | IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754. | 2017-03-20 | 4.0 | CVE-2017-1155 CONFIRM BID |
ibm -- rational_rhapsody_design_manager | IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960. | 2017-03-20 | 4.0 | CVE-2016-8973 CONFIRM BID |
ibm -- websphere_application_server | IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293. | 2017-03-20 | 6.8 | CVE-2017-1151 CONFIRM BID |
imagemagick -- imagemagick | Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file. | 2017-03-22 | 6.8 | CVE-2014-9832 MLIST MLIST |
imagemagick -- imagemagick | Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file. | 2017-03-22 | 6.8 | CVE-2014-9833 MLIST MLIST |
imagemagick -- imagemagick | Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. | 2017-03-22 | 6.8 | CVE-2014-9834 MLIST MLIST |
imagemagick -- imagemagick | Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. | 2017-03-22 | 6.8 | CVE-2014-9835 MLIST MLIST |
imagemagick -- imagemagick | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file. | 2017-03-22 | 4.3 | CVE-2014-9836 MLIST MLIST |
imagemagick -- imagemagick | magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash). | 2017-03-22 | 4.3 | CVE-2014-9838 MLIST |
imagemagick -- imagemagick | magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access). | 2017-03-22 | 5.0 | CVE-2014-9839 MLIST MLIST |
imagemagick -- imagemagick | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file. | 2017-03-22 | 4.3 | CVE-2014-9840 MLIST MLIST |
imagemagick -- imagemagick | Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. | 2017-03-17 | 4.3 | CVE-2014-9853 SUSE SUSE SUSE SUSE SUSE SUSE SUSE SUSE MLIST UBUNTU CONFIRM |
imagemagick -- imagemagick | coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." | 2017-03-17 | 5.0 | CVE-2014-9854 CONFIRM SUSE SUSE SUSE SUSE MLIST UBUNTU CONFIRM CONFIRM |
imagemagick -- imagemagick | Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile. | 2017-03-23 | 4.3 | CVE-2014-9915 MLIST CONFIRM |
imagemagick -- imagemagick | Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file. | 2017-03-23 | 4.3 | CVE-2016-10046 MLIST BID CONFIRM CONFIRM |
imagemagick -- imagemagick | Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. | 2017-03-23 | 6.8 | CVE-2016-10049 MLIST BID CONFIRM CONFIRM MISC |
imagemagick -- imagemagick | Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | 2017-03-23 | 6.8 | CVE-2016-10052 SUSE SUSE MLIST BID CONFIRM CONFIRM |
imagemagick -- imagemagick | The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. | 2017-03-23 | 4.3 | CVE-2016-10053 MLIST BID CONFIRM CONFIRM |
imagemagick -- imagemagick | Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | 2017-03-23 | 6.8 | CVE-2016-10054 MLIST BID CONFIRM CONFIRM |
imagemagick -- imagemagick | Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | 2017-03-23 | 6.8 | CVE-2016-10055 MLIST BID CONFIRM CONFIRM |
imagemagick -- imagemagick | Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | 2017-03-23 | 6.8 | CVE-2016-10056 MLIST BID BID CONFIRM CONFIRM |
imagemagick -- imagemagick | Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | 2017-03-23 | 6.8 | CVE-2016-10057 MLIST BID CONFIRM CONFIRM |
imagemagick -- imagemagick | Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file. | 2017-03-23 | 6.8 | CVE-2016-10059 SUSE MLIST BID CONFIRM CONFIRM |
imdbphp_project -- imdbphp | A Cross-Site Scripting (XSS) vulnerability was discovered in imdbphp 5.1.1. The vulnerability exists due to insufficient filtration of user-supplied data (name) passed to the "imdbphp-master/demo/search.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-21 | 4.3 | CVE-2017-7204 BID CONFIRM |
jasper_project -- jasper | The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. | 2017-03-23 | 4.3 | CVE-2016-8885 MLIST MLIST MLIST BID MISC CONFIRM FEDORA FEDORA |
juniper -- junos_space | Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. | 2017-03-20 | 6.8 | CVE-2016-4927 BID CONFIRM |
juniper -- junos_space | Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. | 2017-03-20 | 6.8 | CVE-2016-4928 BID CONFIRM |
juniper -- junos_space | Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions. | 2017-03-20 | 4.3 | CVE-2016-4930 BID CONFIRM |
juniper -- junos_space | XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. | 2017-03-20 | 4.0 | CVE-2016-4931 BID CONFIRM |
libav -- libav | The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. | 2017-03-21 | 5.8 | CVE-2017-7206 BID CONFIRM |
libav -- libav | The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. | 2017-03-21 | 5.8 | CVE-2017-7208 BID CONFIRM |
libtiff -- libtiff | LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file. | 2017-03-17 | 4.3 | CVE-2015-7313 MLIST BID CONFIRM GENTOO |
mantisbt -- mantisbt | A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php). | 2017-03-22 | 4.3 | CVE-2017-7222 CONFIRM CONFIRM |
mantisbt -- mantisbt_source_integration_plugin | An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter. | 2017-03-17 | 4.3 | CVE-2017-6958 CONFIRM |
meteocontrol -- weblog | A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. | 2017-03-21 | 6.8 | CVE-2016-4504 MISC |
misp -- misp | Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML. | 2017-03-21 | 4.3 | CVE-2017-7215 MISC BID CONFIRM CONFIRM CONFIRM CONFIRM |
mobatek -- mobaxterm | Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command. | 2017-03-20 | 5.0 | CVE-2017-6805 MISC MISC FULLDISC BID EXPLOIT-DB |
netiq -- access_manager | The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users. | 2017-03-23 | 6.5 | CVE-2016-5750 CONFIRM |
netiq -- access_manager | An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials. | 2017-03-23 | 4.3 | CVE-2016-5751 CONFIRM |
netiq -- access_manager | The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester. | 2017-03-23 | 5.0 | CVE-2016-5752 CONFIRM |
netiq -- access_manager | Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2. | 2017-03-23 | 5.0 | CVE-2016-5754 CONFIRM |
netiq -- access_manager | NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting. | 2017-03-23 | 4.3 | CVE-2016-5755 CONFIRM |
netiq -- access_manager | Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, roma/jsp/admin/appliance/devicedetail_edit.jsp, roma/jsp/admin/managementip/mgmt_ip_details_frameset.jsp, roma/jsp/admin/managementip/mgmt_ip_details_middleframe.jsp, roma/jsp/volsc/monitoring/appliance.jsp, and roma/jsp/volsc/monitoring/graph.jsp. | 2017-03-23 | 4.3 | CVE-2016-5756 CONFIRM |
netiq -- access_manager | A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. | 2017-03-23 | 6.8 | CVE-2016-5758 BID CONFIRM |
novell -- groupwise | A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks. | 2017-03-23 | 4.3 | CVE-2016-9169 CONFIRM |
novell -- leap | saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. | 2017-03-20 | 5.0 | CVE-2017-6318 MLIST MLIST SUSE BID CONFIRM MLIST |
opendaylight -- l2switch | hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing." | 2017-03-20 | 5.0 | CVE-2015-1610 MISC BID CONFIRM |
openinfosecfoundation -- suricata | Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. | 2017-03-18 | 5.0 | CVE-2017-7177 BID CONFIRM CONFIRM |
openstack -- nova | An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. | 2017-03-21 | 5.0 | CVE-2017-7214 BID CONFIRM |
opensuse_project -- leap | Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. | 2017-03-23 | 5.0 | CVE-2016-10048 SUSE SUSE MLIST BID CONFIRM CONFIRM |
opensuse_project -- leap | Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. | 2017-03-23 | 6.8 | CVE-2016-10050 SUSE SUSE MLIST BID CONFIRM CONFIRM |
opensuse_project -- leap | Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | 2017-03-23 | 6.8 | CVE-2016-10051 SUSE SUSE MLIST BID CONFIRM CONFIRM CONFIRM |
palo_alto_networks -- terminal_services_agent | Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors. | 2017-03-20 | 5.0 | CVE-2017-6356 CONFIRM BID |
pcre -- pcre | libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. | 2017-03-19 | 5.0 | CVE-2017-7186 BID MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
pluck-cms -- pluck | Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to array; or (4) changing the image parameter to a string, which reveals the installation path in an error message. | 2017-03-17 | 5.0 | CVE-2014-8706 MISC MISC |
pluck-cms -- pluck | Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option. | 2017-03-17 | 4.0 | CVE-2014-8707 MISC MISC |
qdpm -- qdpm | Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml. | 2017-03-17 | 5.0 | CVE-2015-3881 MISC MISC |
qdpm -- qdpm | qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message. | 2017-03-17 | 5.0 | CVE-2015-3882 MISC MISC |
qdpm -- qdpm | Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "Name of application" on index.php/configuration; (3) a new project name on index.php/projects; (4) the task name on index.php/tasks; (5) ticket name on index.php/tickets; (6) discussion name on index.php/discussions; (7) report name on index.php/projectReports; or (8) event name on index.php/scheduler/personal. | 2017-03-17 | 4.3 | CVE-2015-3883 MISC MISC |
qemu -- qemu | Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping. | 2017-03-20 | 5.0 | CVE-2017-6058 CONFIRM MLIST BID SECTRACK CONFIRM MLIST |
sitecore -- experience_platform | Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2. | 2017-03-19 | 4.3 | CVE-2016-8855 MISC EXPLOIT-DB |
slims -- slims7_cendana | Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7_cendana-master/template/default/detail_template.php' and 'slims7_cendana-master/template/default-rtl/detail_template.php' URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-21 | 4.3 | CVE-2017-7202 BID CONFIRM |
solarwinds -- ftp_voyager | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml. | 2017-03-20 | 6.8 | CVE-2017-6803 MISC MISC BID EXPLOIT-DB |
teleogistic -- invite_anyone_plugin | An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack. | 2017-03-17 | 5.0 | CVE-2017-6955 BID CONFIRM CONFIRM |
typo3 -- typo3 | TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields. | 2017-03-17 | 5.0 | CVE-2017-6370 MISC |
usbpcap_project -- usbpcap | The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference. | 2017-03-20 | 4.6 | CVE-2017-6178 MISC BID EXPLOIT-DB |
virglrenderer_project -- virglrenderer | Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. | 2017-03-20 | 4.9 | CVE-2016-10214 MLIST BID CONFIRM MLIST |
wondercms -- wondercms | Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password. | 2017-03-17 | 5.0 | CVE-2014-8701 MISC MISC |
wondercms -- wondercms | Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message. | 2017-03-17 | 5.0 | CVE-2014-8702 MISC MISC |
wondercms -- wondercms | Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML. | 2017-03-17 | 4.3 | CVE-2014-8703 MISC MISC |
zoneminder -- zoneminder | A Cross-Site Scripting (XSS) vulnerability was discovered in ZoneMinder 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-21 | 4.3 | CVE-2017-7203 BID CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cisco -- unified_communications_manager | A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.507) 11.0(1.23900.5) 11.0(1.23900.3) 10.5(2.15900.2). | 2017-03-17 | 3.5 | CVE-2017-3874 BID CONFIRM |
ibm -- content_navigator | IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736. | 2017-03-20 | 3.5 | CVE-2017-1146 CONFIRM BID |
ibm -- rational_collaborative_lifecycle_management | An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965. | 2017-03-20 | 2.1 | CVE-2016-2981 CONFIRM MISC |
ibm -- rational_rhapsody_design_manager | IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999960. | 2017-03-20 | 3.5 | CVE-2016-9694 CONFIRM BID |
ibm -- rational_rhapsody_design_manager | IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 1999960. | 2017-03-20 | 3.5 | CVE-2016-9696 CONFIRM BID |
ibm -- rational_rhapsody_design_manager | An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference #: 1999960. | 2017-03-20 | 2.1 | CVE-2016-9697 CONFIRM BID |
netiq -- access_manager | External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users. | 2017-03-23 | 2.1 | CVE-2016-5748 CONFIRM |
netiq -- access_manager | NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack. | 2017-03-23 | 2.1 | CVE-2016-5749 CONFIRM |
opensuse_project -- leap | The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check. | 2017-03-20 | 3.5 | CVE-2017-5930 SUSE MLIST MLIST BID CONFIRM CONFIRM MLIST |
qemu -- qemu | The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer. | 2017-03-20 | 2.1 | CVE-2017-5987 CONFIRM MLIST BID CONFIRM MLIST |
virglrenderer_project -- virglrenderer | The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index. | 2017-03-20 | 2.1 | CVE-2017-5956 MLIST BID CONFIRM MLIST |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alcatel-lucent -- motive_home_device_manager | Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do. | 2017-03-23 | not yet calculated | CVE-2015-8687 FULLDISC |
alienvault -- alienvault | Unspecified vulnerability in AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 has unknown impact and attack vectors, aka AlienVault ID ENG-104945. This is different from CVE-2017-6970 and CVE-2017-6971, and less directly relevant. (Additional details are expected to be released in a new public reference.) | 2017-03-22 | not yet calculated | CVE-2017-6972 BID CONFIRM CONFIRM |
alienvault -- alienvault | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862. | 2017-03-22 | not yet calculated | CVE-2017-6971 CONFIRM CONFIRM CONFIRM |
alienvault -- alienvault | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863. | 2017-03-22 | not yet calculated | CVE-2017-6970 CONFIRM CONFIRM CONFIRM |
amd -- amd_ryzen_processor | The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite. | 2017-03-24 | not yet calculated | CVE-2017-7262 MISC MISC MISC MISC |
apache -- apache_poi | Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack. | 2017-03-24 | not yet calculated | CVE-2017-5644 CONFIRM |
apngdis -- apngdis | Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename. | 2017-03-23 | not yet calculated | CVE-2017-6191 BID EXPLOIT-DB MISC |
apparmor -- apparmor | An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what's done by LXD and Docker, are affected by this flaw in the AppArmor init script logic. | 2017-03-24 | not yet calculated | CVE-2017-6507 CONFIRM CONFIRM CONFIRM CONFIRM |
artifex_software -- mujs | regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation. | 2017-03-24 | not yet calculated | CVE-2016-10132 CONFIRM MLIST MLIST CONFIRM FEDORA |
artifex_software -- mujs | Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments to lightweight functions. | 2017-03-24 | not yet calculated | CVE-2016-10133 CONFIRM MLIST MLIST CONFIRM FEDORA |
avast -- security_products | Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. | 2017-03-21 | not yet calculated | CVE-2017-5567 MISC MISC BID |
avg -- security_products | Code injection vulnerability in AVG Ultimate 17.1 (and earlier), AVG Internet Security 17.1 (and earlier), and AVG AntiVirus FREE 17.1 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any AVG process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. | 2017-03-21 | not yet calculated | CVE-2017-5566 MISC MISC BID |
avira -- security_products | Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avira process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. | 2017-03-21 | not yet calculated | CVE-2017-6417 MISC MISC BID |
bitdefender -- security_products | Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. | 2017-03-21 | not yet calculated | CVE-2017-6186 MISC MISC BID |
cisco -- ios_ios_xe_software | A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893. | 2017-03-17 | not yet calculated | CVE-2017-3881 BID CONFIRM |
cisco -- ios_ios_xe_software | A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability: (1) the device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured); and (2) the device must have a reachable IPv6 interface. An exploit could allow the attacker to cause the affected device to reload. Cisco Bug IDs: CSCvc42729. | 2017-03-21 | not yet calculated | CVE-2017-3850 BID CONFIRM |
cisco -- ios_ios_xe_software | A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and using a specific DHCP client configuration. Cisco Bug IDs: CSCuu43892. | 2017-03-22 | not yet calculated | CVE-2017-3864 BID CONFIRM |
cisco -- ios_ios_xe_software | A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or Cisco IOS XE Software if the L2TP feature is enabled for the device and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled. Cisco Bug IDs: CSCuy82078. | 2017-03-22 | not yet calculated | CVE-2017-3857 BID CONFIRM |
cisco -- ios_ios_xe_software | A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: (1) running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature; (2) configured as an autonomic registrar; (3) has a whitelist configured. An exploit could allow the attacker to cause the affected device to reload. Note: Autonomic networking should be configured with a whitelist. Do not remove the whitelist as a workaround. Cisco Bug IDs: CSCvc42717. | 2017-03-21 | not yet calculated | CVE-2017-3849 BID CONFIRM |
cisco -- ios_xe_software | A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco ASR 920 Series Aggregation Services Routers that are running an affected release of Cisco IOS XE Software (3.13 through 3.18) and are listening on the DHCP server port. By default, the devices do not listen on the DHCP server port. Cisco Bug IDs: CSCuy56385. | 2017-03-22 | not yet calculated | CVE-2017-3859 BID CONFIRM |
cisco -- ios_xe_software | A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attacker could exploit this vulnerability by sending a high number of requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the web user interface of the software is enabled. By default, the web user interface is not enabled. Cisco Bug IDs: CSCup70353. | 2017-03-22 | not yet calculated | CVE-2017-3856 BID CONFIRM |
cisco -- ios_xe_software | A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected web page parameter. The user must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects Cisco devices running Cisco IOS XE Software Release 16.2.1, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration interface was introduced in the Denali 16.2 Release of Cisco IOS XE Software. The web-based administration interface in earlier releases of Cisco IOS XE Software is not affected by this vulnerability. Cisco Bug IDs: CSCuy83069. | 2017-03-22 | not yet calculated | CVE-2017-3858 BID CONFIRM |
cisco -- iox_software | A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52317. | 2017-03-22 | not yet calculated | CVE-2017-3852 BID CONFIRM |
cisco -- iox_software | A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted requests to the CAF web interface. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52302. | 2017-03-22 | not yet calculated | CVE-2017-3851 BID CONFIRM |
cisco -- iox_software | A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process for evaluation. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. This vulnerability affects the following Cisco 800 Series Industrial Integrated Services Routers: Cisco IR809 and Cisco IR829. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52330. | 2017-03-22 | not yet calculated | CVE-2017-3853 BID CONFIRM |
cloudera -- cloudera | Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process. | 2017-03-23 | not yet calculated | CVE-2015-2263 CONFIRM |
cloudera -- cloudera | Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. | 2017-03-23 | not yet calculated | CVE-2014-0229 CONFIRM |
cloudera -- cloudera | Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key. | 2017-03-23 | not yet calculated | CVE-2015-4166 CONFIRM |
cloudera -- cloudera | The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs. | 2017-03-23 | not yet calculated | CVE-2013-6446 CONFIRM |
cloudera -- cloudera | Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | 2017-03-23 | not yet calculated | CVE-2015-4078 CONFIRM |
cms_made_simple -- cms_made_simple | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must log in to conduct the attack. | 2017-03-24 | not yet calculated | CVE-2017-7255 MISC |
cms_made_simple -- cms_made_simple | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must log in to conduct the attack. | 2017-03-24 | not yet calculated | CVE-2017-7256 MISC |
cms_made_simple -- cms_made_simple | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must log in to conduct the attack. | 2017-03-24 | not yet calculated | CVE-2017-7257 MISC |
debian -- ubuntu | The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory. | 2017-03-23 | not yet calculated | CVE-2016-9774 DEBIAN DEBIAN MLIST MLIST BID UBUNTU UBUNTU CONFIRM |
debian -- ubuntu | The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack. | 2017-03-23 | not yet calculated | CVE-2016-9775 DEBIAN DEBIAN MLIST MLIST BID UBUNTU UBUNTU CONFIRM |
disk_sorter -- disk_sorter_enterprise | A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request. | 2017-03-22 | not yet calculated | CVE-2017-7230 EXPLOIT-DB |
eclipse_iot -- eclipse_iot | Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake. | 2017-03-24 | not yet calculated | CVE-2017-7243 MISC MISC |
elfutils -- elfutils | The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure. | 2017-03-23 | not yet calculated | CVE-2016-10255 MLIST MISC CONFIRM MLIST |
elfutils -- elfutils | The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure. | 2017-03-23 | not yet calculated | CVE-2016-10254 MLIST MISC MLIST |
emc -- emc_recoverpoint | EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system. | 2017-03-21 | not yet calculated | CVE-2016-6650 CONFIRM BID |
eyesofnetwork -- eyesofnetwork | EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php. | 2017-03-24 | not yet calculated | CVE-2017-6087 MLIST CONFIRM |
f5 -- big-ip | An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to non-default setting "enabled". The default value for the tm.tcpprogressive db variable is "negotiate". An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. | 2017-03-23 | not yet calculated | CVE-2016-7468 CONFIRM |
firebird -- firebird | Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so. | 2017-03-24 | not yet calculated | CVE-2017-6369 CONFIRM |
firejail -- firejail | Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument. | 2017-03-23 | not yet calculated | CVE-2017-5207 MLIST CONFIRM CONFIRM CONFIRM GENTOO |
firejail -- firejail | Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument. | 2017-03-23 | not yet calculated | CVE-2017-5206 MLIST MISC CONFIRM CONFIRM GENTOO |
gazelle -- gazelle | Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (torrents, size) passed to the 'Gazelle-master/sections/tools/managers/multiple_freeleech.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-23 | not yet calculated | CVE-2017-7247 CONFIRM CONFIRM |
gazelle -- gazelle | Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (action, userid) passed to the 'Gazelle-master/sections/tools/data/ocelot_info.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-23 | not yet calculated | CVE-2017-7249 CONFIRM CONFIRM |
gazelle -- gazelle | A Cross-Site Scripting (XSS) vulnerability was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the 'Gazelle-master/sections/better/transcode.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-23 | not yet calculated | CVE-2017-7248 CONFIRM CONFIRM |
gazelle -- gazelle | A Cross-Site Scripting (XSS) vulnerability was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (action) passed to the 'Gazelle-master/sections/tools/finances/bitcoin_balance.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-23 | not yet calculated | CVE-2017-7250 CONFIRM CONFIRM |
gentoo -- qemu | Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. | 2017-03-24 | not yet calculated | CVE-2015-8556 MISC GENTOO EXPLOIT-DB |
gnutls -- gnutls | Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. | 2017-03-24 | not yet calculated | CVE-2017-5334 SUSE MLIST MLIST BID SECTRACK CONFIRM CONFIRM GENTOO |
gnutls -- gnutls | Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. | 2017-03-24 | not yet calculated | CVE-2017-5336 SUSE MLIST MLIST BID SECTRACK MISC CONFIRM CONFIRM GENTOO |
gnutls -- gnutls | Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. | 2017-03-24 | not yet calculated | CVE-2017-5337 SUSE MLIST MLIST BID SECTRACK MISC MISC CONFIRM CONFIRM GENTOO |
gnutls -- gnutls | The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. | 2017-03-24 | not yet calculated | CVE-2017-5335 SUSE MLIST MLIST BID SECTRACK MISC CONFIRM CONFIRM GENTOO |
huawei -- ar3200_routers | Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet. | 2017-03-24 | not yet calculated | CVE-2016-6206 CONFIRM BID |
huawei -- p8_smartphones | The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows remote attackers to cause a denial of service (crash) via a crafted application. | 2017-03-24 | not yet calculated | CVE-2015-8678 CONFIRM |
imagemagick -- imagemagick | Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | 2017-03-24 | not yet calculated | CVE-2016-10146 MLIST MLIST BID CONFIRM CONFIRM |
imagemagick -- imagemagick | Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. | 2017-03-24 | not yet calculated | CVE-2016-10145 MLIST MLIST BID CONFIRM CONFIRM |
imagemagick -- imagemagick | coders/ipl.c in ImageMagick allows remote attackers to have unspecified impact by leveraging a missing malloc check. | 2017-03-24 | not yet calculated | CVE-2016-10144 MLIST MLIST BID CONFIRM CONFIRM |
imagemagick -- imagemagick | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. | 2017-03-24 | not yet calculated | CVE-2017-5509 MLIST MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. | 2017-03-24 | not yet calculated | CVE-2017-5506 MLIST MLIST BID CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. | 2017-03-24 | not yet calculated | CVE-2017-5511 MLIST MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file. | 2017-03-24 | not yet calculated | CVE-2017-5508 MLIST MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache. | 2017-03-24 | not yet calculated | CVE-2017-5507 MLIST MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. | 2017-03-24 | not yet calculated | CVE-2017-5510 MLIST MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
jasper -- jasper | The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | 2017-03-23 | not yet calculated | CVE-2016-9393 MLIST BID MISC CONFIRM CONFIRM |
jasper -- jasper | The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). | 2017-03-23 | not yet calculated | CVE-2016-8887 MLIST MLIST BID MISC CONFIRM CONFIRM FEDORA FEDORA |
jasper -- jasper | The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | 2017-03-23 | not yet calculated | CVE-2016-9394 MLIST BID MISC CONFIRM CONFIRM |
jasper -- jasper | The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | 2017-03-23 | not yet calculated | CVE-2016-9397 MLIST BID MISC CONFIRM |
jasper -- jasper | The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | 2017-03-23 | not yet calculated | CVE-2016-9398 SUSE SUSE MLIST BID MISC CONFIRM |
jasper -- jasper | The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | 2017-03-23 | not yet calculated | CVE-2016-9399 MLIST BID MISC CONFIRM |
jasper -- jasper | Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2017-03-23 | not yet calculated | CVE-2016-9557 MLIST BID MISC CONFIRM CONFIRM |
jasper -- jasper | Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure. | 2017-03-23 | not yet calculated | CVE-2016-9387 MLIST BID MISC CONFIRM CONFIRM |
jasper -- jasper | The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. | 2017-03-23 | not yet calculated | CVE-2016-9388 MLIST BID MISC CONFIRM CONFIRM |
jasper -- jasper | The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure. | 2017-03-23 | not yet calculated | CVE-2016-8886 MLIST MLIST BID MISC CONFIRM FEDORA FEDORA |
jasper -- jasper | The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer. | 2017-03-23 | not yet calculated | CVE-2016-9391 MLIST BID MISC CONFIRM CONFIRM |
jasper -- jasper | The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. | 2017-03-23 | not yet calculated | CVE-2016-9390 MLIST BID MISC CONFIRM CONFIRM |
jasper -- jasper | The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure). | 2017-03-23 | not yet calculated | CVE-2016-9389 MLIST BID MISC CONFIRM CONFIRM |
jasper -- jasper | The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | 2017-03-23 | not yet calculated | CVE-2016-9395 SUSE SUSE MLIST BID MISC CONFIRM CONFIRM |
jasper -- jasper | The JPC_NOMINALGAIN function in jpc_t1cod.c in JasPer before 1.900.12 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | 2017-03-23 | not yet calculated | CVE-2016-9396 MLIST BID MISC CONFIRM |
jasper -- jasper | The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | 2017-03-23 | not yet calculated | CVE-2016-9392 MLIST BID MISC CONFIRM CONFIRM |
jasper -- jasper | Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. | 2017-03-23 | not yet calculated | CVE-2016-9262 MLIST BID MISC CONFIRM CONFIRM |
joomla -- kunena_extension | In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default.php, crypsis/layouts/message/item/top/default.php, crypsis/layouts/message/item/bottom/default.php, crypsisb3/layouts/message/item/default.php, crypsisb3/layouts/message/item/top/default.php, and crypsisb3/layouts/message/item/bottom/default.php. This is fixed in 5.0.5. | 2017-03-22 | not yet calculated | CVE-2017-5673 MISC |
konke -- smart_plug_k | The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23. | 2017-03-23 | not yet calculated | CVE-2014-7279 EXPLOIT-DB |
libdwarf -- libdwarf | The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). | 2017-03-23 | not yet calculated | CVE-2016-9276 MLIST BID MISC CONFIRM CONFIRM |
libdwarf -- libdwarf | Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). | 2017-03-23 | not yet calculated | CVE-2016-9275 MLIST BID MISC CONFIRM CONFIRM |
libgit2 -- libgit2 | The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable. | 2017-03-24 | not yet calculated | CVE-2016-10130 SUSE SUSE SUSE MLIST MLIST CONFIRM CONFIRM CONFIRM |
libgit2 -- libgit2 | The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line. | 2017-03-24 | not yet calculated | CVE-2016-10129 SUSE SUSE SUSE MLIST MLIST CONFIRM CONFIRM CONFIRM |
libgit2 -- libgit2 | Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet. | 2017-03-24 | not yet calculated | CVE-2016-10128 SUSE SUSE SUSE MLIST MLIST CONFIRM CONFIRM CONFIRM |
libming -- libming | Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. | 2017-03-23 | not yet calculated | CVE-2016-9264 MLIST BID MISC |
libming -- libming | listmp3.c in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted mp3 file, which triggers an invalid left shift. | 2017-03-23 | not yet calculated | CVE-2016-9266 MLIST BID MISC |
libming -- libming | The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file. | 2017-03-23 | not yet calculated | CVE-2016-9265 MLIST BID MISC |
libtiff -- libtiff | tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13. | 2017-03-24 | not yet calculated | CVE-2016-10271 MISC MISC |
libtiff -- libtiff | LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22. | 2017-03-24 | not yet calculated | CVE-2016-10270 MISC MISC |
libtiff -- libtiff | LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2. | 2017-03-24 | not yet calculated | CVE-2016-10269 MISC MISC |
libtiff -- libtiff | tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23. | 2017-03-24 | not yet calculated | CVE-2016-10268 MISC MISC |
libtiff -- libtiff | LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9. | 2017-03-24 | not yet calculated | CVE-2016-10272 MISC MISC |
libtiff -- libtiff | LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. | 2017-03-24 | not yet calculated | CVE-2016-10266 MISC MISC |
libtiff -- libtiff | LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. | 2017-03-24 | not yet calculated | CVE-2016-10267 MISC MISC |
libwmf -- libwmf | The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure. | 2017-03-23 | not yet calculated | CVE-2016-9011 MLIST BID MISC CONFIRM |
linux -- linux_kernel | The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. | 2017-03-24 | not yet calculated | CVE-2017-7261 MISC MISC MISC |
linux -- linux_kernel | The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. | 2017-03-23 | not yet calculated | CVE-2017-5897 MLIST BID SECTRACK CONFIRM |
linux -- linux_kernel | The linux-image-* package 4.8.0.41.52 for the Linux kernel on Ubuntu 16.10 allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via unspecified vectors, as demonstrated during a Pwn2Own competition at CanSecWest 2017. | 2017-03-19 | not yet calculated | CVE-2017-7184 MISC BID MISC MISC |
mediawiki -- mediawiki | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert('XSS!')." | 2017-03-23 | not yet calculated | CVE-2015-8622 MLIST MLIST MLIST CONFIRM |
mediawiki -- mediawiki | The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623. | 2017-03-23 | not yet calculated | CVE-2015-8624 MLIST MLIST MLIST CONFIRM |
mediawiki -- mediawiki | MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed. | 2017-03-23 | not yet calculated | CVE-2015-8627 MLIST MLIST MLIST CONFIRM |
mediawiki -- mediawiki | The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack. | 2017-03-23 | not yet calculated | CVE-2015-8626 MLIST MLIST MLIST CONFIRM |
mediawiki -- mediawiki | MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters. | 2017-03-23 | not yet calculated | CVE-2015-8625 MLIST MLIST MLIST CONFIRM |
mediawiki -- mediawiki | The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624. | 2017-03-23 | not yet calculated | CVE-2015-8623 MLIST MLIST CONFIRM MLIST CONFIRM |
mediawiki -- mediawiki | The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics. | 2017-03-23 | not yet calculated | CVE-2015-8628 MLIST MLIST MLIST CONFIRM |
microsoft -- skype | Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process. | 2017-03-23 | not yet calculated | CVE-2017-6517 MISC FULLDISC BID CONFIRM MISC MISC |
miele_professional -- pg_8528_pst10 | An issue was discovered on Miele Professional PG 8528 PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aid in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1. | 2017-03-24 | not yet calculated | CVE-2017-7240 MISC |
minissdpd -- minissdpd | The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling. | 2017-03-24 | not yet calculated | CVE-2016-3179 MISC MLIST CONFIRM CONFIRM |
minissdpd -- minissdpd | The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value. | 2017-03-24 | not yet calculated | CVE-2016-3178 MISC MLIST CONFIRM CONFIRM |
netiq -- idm_servicenow_driver | An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users. | 2017-03-23 | not yet calculated | CVE-2016-1603 CONFIRM |
netiq -- novell_edirectory | NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. | 2017-03-23 | not yet calculated | CVE-2016-9167 CONFIRM |
netiq -- novell_edirectory | A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. | 2017-03-23 | not yet calculated | CVE-2016-5747 CONFIRM |
netiq -- novell_edirectory | A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. | 2017-03-23 | not yet calculated | CVE-2016-9168 CONFIRM |
nuxeo -- nuxeo_platform | Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header. | 2017-03-24 | not yet calculated | CVE-2017-5869 MLIST |
openstack -- glance | An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service. | 2017-03-21 | not yet calculated | CVE-2017-7200 BID CONFIRM CONFIRM CONFIRM |
pacemaker -- pacemaker | Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. | 2017-03-24 | not yet calculated | CVE-2016-7797 CONFIRM SUSE SUSE SUSE REDHAT MLIST BID CONFIRM |
pcre -- pcre | The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. | 2017-03-23 | not yet calculated | CVE-2017-7244 MISC |
pcre -- pcre | Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. | 2017-03-23 | not yet calculated | CVE-2017-7246 MISC |
pcre -- pcre | Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. | 2017-03-23 | not yet calculated | CVE-2017-7245 MISC |
percona -- percona_xtrabackup | xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. | 2017-03-23 | not yet calculated | CVE-2016-6225 SUSE SUSE CONFIRM CONFIRM CONFIRM FEDORA FEDORA CONFIRM |
phpmemcachedadmin -- phpmemcachedadmin | PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to "serialized data and the last part of the concatenated filename," which creates a file in webroot. | 2017-03-23 | not yet calculated | CVE-2014-8731 MISC BUGTRAQ BUGTRAQ BID XF |
pitivi -- pitivi | The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. | 2017-03-23 | not yet calculated | CVE-2015-0855 MLIST CONFIRM CONFIRM |
plone -- plone | Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method. | 2017-03-23 | not yet calculated | CVE-2017-5524 MLIST BID CONFIRM |
pngdefry -- pngdefry | pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow vulnerability because it fails to properly process a specially crafted png file. This issue affects the 'process()' function of the 'pngdefry.c' source file. | 2017-03-22 | not yet calculated | CVE-2017-7231 BID MISC |
pysaml2 -- pysaml2 | XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. | 2017-03-24 | not yet calculated | CVE-2016-10149 DEBIAN MLIST CONFIRM CONFIRM MISC CONFIRM |
qnap -- qnap_qts | QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file. | 2017-03-23 | not yet calculated | CVE-2017-5227 BID SECTRACK MISC CONFIRM CONFIRM |
qnap -- qnap_qts | QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors. | 2017-03-23 | not yet calculated | CVE-2017-6359 SECTRACK CONFIRM CONFIRM |
qnap -- qnap_qts | QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. | 2017-03-23 | not yet calculated | CVE-2017-6361 SECTRACK CONFIRM |
qnap -- qnap_qts | QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. | 2017-03-23 | not yet calculated | CVE-2017-6360 SECTRACK CONFIRM CONFIRM |
raspberry_pi -- pi_engine | A Cross-Site Scripting (XSS) vulnerability was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the "pi-develop/www/script/editor/markitup/preview/markdown.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-03-23 | not yet calculated | CVE-2017-7251 CONFIRM |
samsung -- multiple_devices | The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362. | 2017-03-23 | not yet calculated | CVE-2017-5538 CONFIRM MLIST MLIST BID |
samsung -- smart_tvs | The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generates weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack. | 2017-03-23 | not yet calculated | CVE-2015-5729 MISC MISC FULLDISC BID SECTRACK SECTRACK |
sap_se -- sap | SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via crafted ABAP code, aka SAP Security Note 2407616. | 2017-03-23 | not yet calculated | CVE-2017-6950 BID MISC |
slims_7 -- slims_7_cendana | Multiple Cross-Site Scripting (XSS) issues were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php. | 2017-03-23 | not yet calculated | CVE-2017-7242 MISC |
solarwinds -- lem | SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. | 2017-03-24 | not yet calculated | CVE-2017-5198 MISC |
solarwinds -- lem | The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | 2017-03-24 | not yet calculated | CVE-2017-5199 MISC |
suse -- suse_linux | A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). | 2017-03-23 | not yet calculated | CVE-2016-1602 CONFIRM |
tenable -- nessus | Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue. | 2017-03-23 | not yet calculated | CVE-2017-7199 CONFIRM |
trend_micro -- security_products | Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. | 2017-03-21 | not yet calculated | CVE-2017-5565 MISC MISC BID |
uclibc-ng -- uclibc-ng | The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet. | 2017-03-24 | not yet calculated | CVE-2016-2225 CONFIRM MLIST MLIST BID CONFIRM |
uclibc-ng -- uclibc-ng | The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply. | 2017-03-24 | not yet calculated | CVE-2016-2224 CONFIRM MLIST MLIST BID CONFIRM |
usb_pratirodh -- usb_pratirodh | USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify the file according to his own requirements, which may aid in further attacks. | 2017-03-23 | not yet calculated | CVE-2017-6911 MISC FULLDISC BUGTRAQ BID |
usb_pratirodh -- usb_pratirodh | USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml. | 2017-03-23 | not yet calculated | CVE-2017-6895 MISC FULLDISC BID MISC |