Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-24 | CVE-2017-6300 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. An issue was discovered in ytnef before 1.9.1. | 7.8 |
2017-02-24 | CVE-2017-6299 | Infinite Loop vulnerability in multiple products. An issue was discovered in ytnef before 1.9.1. | 5.5 |
2017-02-24 | CVE-2017-6298 | NULL Pointer Dereference vulnerability in multiple products. An issue was discovered in ytnef before 1.9.1. | 7.8 |
2017-02-24 | CVE-2017-6197 | NULL Pointer Dereference vulnerability in Radare Radare2 1.2.1. The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function. | 5.5 |
2017-02-24 | CVE-2017-6196 | Use After Free vulnerability in Artifex Afpl Ghostscript. Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document. | 7.8 |
2017-02-24 | CVE-2017-6099 | Cross-site Scripting vulnerability in Paypal Merchant-Sdk-PHP 3.9.1. Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter. | 6.1 |
2017-02-24 | CVE-2017-6076 | Information Exposure vulnerability in Wolfssl. In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine. | 5.5 |
2017-02-24 | CVE-2014-9916 | Cross-site Scripting vulnerability in Bilboplanet 2.0. Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php. | 6.1 |
2017-02-23 | CVE-2016-10109 | Use After Free vulnerability in multiple products. Use-after-free vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause a denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function. | 7.5 |
2017-02-23 | CVE-2017-6100 | Exposure of Resource to Wrong Sphere vulnerability in Tcpdf Project Tcpdf. tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | 7.5 |