Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-06 | CVE-2016-7447 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. | 9.8 |
| 2017-02-06 | CVE-2016-7446 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. | 9.8 |
| 2017-02-06 | CVE-2016-5102 | Improper Input Validation vulnerability in Libtiff Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file. | 5.5 |
| 2017-02-06 | CVE-2017-5879 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.1 An issue was discovered in Exponent CMS 2.4.1. | 9.8 |
| 2017-02-06 | CVE-2017-5877 | Cross-site Scripting vulnerability in Dotcms 3.7.0 XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter. | 6.1 |
| 2017-02-06 | CVE-2017-5876 | Cross-site Scripting vulnerability in Dotcms 3.7.0 XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter. | 6.1 |
| 2017-02-06 | CVE-2017-5875 | Cross-site Scripting vulnerability in Dotcms 3.7.0 XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter. | 5.4 |
| 2017-02-06 | CVE-2015-2794 | Permissions, Privileges, and Access Controls vulnerability in Dotnetnuke The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx. | 9.8 |
| 2017-02-06 | CVE-2017-5577 | 7PK - Errors vulnerability in Linux Kernel The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call. | 5.5 |
| 2017-02-06 | CVE-2017-5576 | Integer Overflow or Wraparound vulnerability in Linux Kernel Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call. | 7.8 |