Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-24 | CVE-2016-4488 | Use After Free vulnerability in GNU Libiberty Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec." | 5.5 |
| 2017-02-24 | CVE-2016-4487 | Use After Free vulnerability in GNU Libiberty Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec." | 5.5 |
| 2017-02-24 | CVE-2016-4043 | Permissions, Privileges, and Access Controls vulnerability in Plone Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates. | 4.9 |
| 2017-02-24 | CVE-2016-4042 | Information Exposure vulnerability in Plone Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors. | 5.3 |
| 2017-02-24 | CVE-2016-4041 | Permissions, Privileges, and Access Controls vulnerability in Plone Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors. | 7.3 |
| 2017-02-24 | CVE-2016-2226 | Integer Overflow or Wraparound vulnerability in GNU Libiberty Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. | 7.8 |
| 2017-02-24 | CVE-2016-9975 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Dashboard Application Services HUB 3.1.2.1/3.1.3 IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-02-24 | CVE-2016-9009 | Improper Input Validation vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. | 3.1 |
| 2017-02-24 | CVE-2016-8998 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. | 7.2 |
| 2017-02-24 | CVE-2017-5669 | The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context. | 7.8 |