Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-03 | CVE-2017-5867 | Resource Exhaustion vulnerability in Owncloud ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file. | 6.5 |
| 2017-03-03 | CVE-2017-5866 | Information Exposure vulnerability in Owncloud The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 4.3 |
| 2017-03-03 | CVE-2017-5865 | Information Exposure vulnerability in Owncloud The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts. | 3.7 |
| 2017-03-03 | CVE-2017-5836 | Double Free vulnerability in Libimobiledevice Libplist The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free. | 7.5 |
| 2017-03-03 | CVE-2017-5835 | Allocation of Resources Without Limits or Throttling vulnerability in Libimobiledevice Libplist libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. | 7.5 |
| 2017-03-03 | CVE-2017-5834 | Out-of-bounds Read vulnerability in Libimobiledevice Libplist The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file. | 5.5 |
| 2017-03-03 | CVE-2017-5833 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 6.1 |
| 2017-03-03 | CVE-2017-5832 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. | 5.4 |
| 2017-03-03 | CVE-2017-5831 | Session Fixation vulnerability in Revive-Adserver Revive Adserver Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. | 5.9 |
| 2017-03-03 | CVE-2017-5830 | Deserialization of Untrusted Data vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts. | 9.8 |