Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-03-10 CVE-2017-6314 Infinite Loop vulnerability in multiple products
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
local
low complexity
gnome fedoraproject debian CWE-835
5.5
2017-03-10 CVE-2017-6313 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
local
low complexity
gnome fedoraproject debian CWE-191
7.1
2017-03-10 CVE-2017-6312 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
local
low complexity
gnome fedoraproject debian CWE-190
5.5
2017-03-10 CVE-2017-6311 NULL Pointer Dereference vulnerability in multiple products
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.
network
low complexity
gnome fedoraproject CWE-476
7.5
2017-03-10 CVE-2017-5872 Improper Input Validation vulnerability in Unisys Clearpath MCP 57.1/58.1/59.1
The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to cause a denial of service (network connectivity disruption) via a client hello with a signature_algorithms extension above those defined in RFC 5246, which triggers a full memory dump.
network
low complexity
unisys CWE-20
7.5
2017-03-10 CVE-2015-2330 Improper Certificate Validation vulnerability in Webkitgtk
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.
network
low complexity
webkitgtk CWE-295
7.5
2017-03-10 CVE-2017-6465 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ftpshell Client 6.53
Remote Code Execution was discovered in FTPShell Client 6.53.
network
low complexity
ftpshell CWE-119
critical
9.8
2017-03-10 CVE-2017-4960 An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26.
network
low complexity
pivotal-software cloudfoundry
7.5
2017-03-10 CVE-2017-6797 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter.
network
low complexity
mantisbt CWE-79
6.1
2017-03-09 CVE-2017-6591 Cross-site Scripting vulnerability in Django-Epiceditor Project Django-Epiceditor 0.2.3
There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field.
network
low complexity
django-epiceditor-project CWE-79
6.1