Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-22 | CVE-2017-3856 | Resource Exhaustion vulnerability in Cisco IOS XE A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.5 |
| 2017-03-22 | CVE-2017-3853 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOX 1.1.0/1.1(0) A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. | 9.8 |
| 2017-03-22 | CVE-2017-3852 | Improper Input Validation vulnerability in Cisco IOX 1.1.0/1.1(0) A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. | 8.1 |
| 2017-03-22 | CVE-2017-3851 | Path Traversal vulnerability in Cisco IOX 1.1.0/1.1(0) A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. | 7.5 |
| 2017-03-22 | CVE-2017-7231 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pngdefry Project Pngdefry 20170322 pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow vulnerability because it fails to properly process a specially crafted png file. | 7.8 |
| 2017-03-22 | CVE-2017-7230 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Disksorter Disk Sorter 9.5.12 A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request. | 9.8 |
| 2017-03-22 | CVE-2017-5673 | Cross-site Scripting vulnerability in Kunena 5.0.2/5.0.3/5.0.4 In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. | 6.1 |
| 2017-03-22 | CVE-2017-7227 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28 GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. | 7.5 |
| 2017-03-22 | CVE-2017-7226 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. | 9.1 |
| 2017-03-22 | CVE-2017-7225 | NULL Pointer Dereference vulnerability in GNU Binutils 2.28 The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. | 7.5 |