Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-17 | CVE-2016-6874 | Unspecified vulnerability in Facebook Hhvm. The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion. | 9.8 |
2017-02-17 | CVE-2016-6873 | Unspecified vulnerability in Facebook Hhvm. Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | 9.8 |
2017-02-17 | CVE-2016-6872 | Integer Overflow or Wraparound vulnerability in Facebook Hhvm. Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | 9.8 |
2017-02-17 | CVE-2016-6871 | Integer Overflow or Wraparound vulnerability in Facebook Hhvm. Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. | 9.8 |
2017-02-17 | CVE-2016-6870 | Out-of-bounds Write vulnerability in Facebook Hhvm. Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | 9.8 |
2017-02-17 | CVE-2016-6252 | Integer Overflow or Wraparound vulnerability in Shadow Project Shadow 4.2.1. Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. | 7.8 |
2017-02-17 | CVE-2016-6191 | Cross-site Scripting vulnerability in Alinto Sogo. Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field. | 6.1 |
2017-02-17 | CVE-2016-6190 | Information Exposure vulnerability in Inverse-Inc Sogo. SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users. | 4.3 |
2017-02-17 | CVE-2016-6189 | Incomplete Blacklist vulnerability in Alinto Sogo. Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. | 4.3 |
2017-02-17 | CVE-2016-5364 | Cross-site Scripting vulnerability in Mantisbt. Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. | 6.1 |