Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-20 | CVE-2017-6833 | Divide By Zero vulnerability in Audiofile 0.3.6: The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. | 5.5 |
2017-03-20 | CVE-2017-6832 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | 5.5 |
2017-03-20 | CVE-2017-6831 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | 5.5 |
2017-03-20 | CVE-2017-6830 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Audiofile 0.3.6: Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | 5.5 |
2017-03-20 | CVE-2017-6829 | Out-of-bounds Read vulnerability in Audiofile 0.3.6: The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | 5.5 |
2017-03-20 | CVE-2017-6805 | Path Traversal vulnerability in Mobatek Mobaxterm 9.4: Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. | 5.3 |
2017-03-20 | CVE-2017-6803 | Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds FTP Voyager 16.2.0: Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml. | 8.8 |
2017-03-20 | CVE-2017-6550 | SQL Injection vulnerability in Kinsey Infor-Lawson: Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData. | 9.8 |
2017-03-20 | CVE-2017-6356 | Incorrect Permission Assignment for Critical Resource vulnerability in Paloaltonetworks Terminal Services Agent 6.0/7.0/8.0: Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors. | 5.3 |
2017-03-20 | CVE-2017-6318 | Information Exposure vulnerability in multiple products: saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. | 7.5 |