Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-02 | CVE-2017-6384 | Missing Release of Resource after Effective Lifetime vulnerability in Atheme 7.2.7 Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. | 7.5 |
| 2017-03-02 | CVE-2017-6062 | Improper Authentication vulnerability in Openidc MOD Auth Openidc The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. | 8.6 |
| 2017-03-02 | CVE-2015-8994 | Permissions, Privileges, and Access Controls vulnerability in PHP An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. | 7.5 |
| 2017-03-02 | CVE-2017-6415 | NULL Pointer Dereference vulnerability in Radare Radare2 1.2.1 The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file. | 5.5 |
| 2017-03-02 | CVE-2017-6387 | Out-of-bounds Read vulnerability in Radare Radare2 1.2.1 The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file. | 5.5 |
| 2017-03-02 | CVE-2017-6319 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2 1.2.1 The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file. | 7.8 |
| 2017-03-02 | CVE-2016-10228 | Improper Input Validation vulnerability in GNU Glibc The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. | 5.9 |
| 2017-03-01 | CVE-2016-8233 | Information Exposure Through Log Files vulnerability in Lenovo Xclarity Administrator Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. | 9.8 |
| 2017-03-01 | CVE-2017-3826 | Improper Input Validation vulnerability in Cisco Netflow Generation Appliance Software A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition. | 7.5 |
| 2017-03-01 | CVE-2016-9994 | SQL Injection vulnerability in IBM Kenexa Lcms Premier IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. | 7.1 |