Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-10 | CVE-2017-6314 | Infinite Loop vulnerability in multiple products The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. | 5.5 |
| 2017-03-10 | CVE-2017-6313 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. | 7.1 |
| 2017-03-10 | CVE-2017-6312 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. | 5.5 |
| 2017-03-10 | CVE-2017-6311 | NULL Pointer Dereference vulnerability in multiple products gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message. | 7.5 |
| 2017-03-10 | CVE-2017-5872 | Improper Input Validation vulnerability in Unisys Clearpath MCP 57.1/58.1/59.1 The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to cause a denial of service (network connectivity disruption) via a client hello with a signature_algorithms extension above those defined in RFC 5246, which triggers a full memory dump. | 7.5 |
| 2017-03-10 | CVE-2015-2330 | Improper Certificate Validation vulnerability in Webkitgtk Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. | 7.5 |
| 2017-03-10 | CVE-2017-6465 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ftpshell Client 6.53 Remote Code Execution was discovered in FTPShell Client 6.53. | 9.8 |
| 2017-03-10 | CVE-2017-4960 | An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. | 7.5 |
| 2017-03-10 | CVE-2017-6797 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter. | 6.1 |
| 2017-03-09 | CVE-2017-6591 | Cross-site Scripting vulnerability in Django-Epiceditor Project Django-Epiceditor 0.2.3 There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field. | 6.1 |