Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-28 | CVE-2017-5885 | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. | 9.8 |
| 2017-02-28 | CVE-2017-5884 | Range Error vulnerability in multiple products gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. | 7.8 |
| 2017-02-28 | CVE-2017-5581 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tigervnc Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries. | 9.8 |
| 2017-02-28 | CVE-2016-9558 | Integer Overflow or Wraparound vulnerability in Libdwarf Project Libdwarf (1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow." | 9.8 |
| 2017-02-28 | CVE-2016-9261 | Cross-site Scripting vulnerability in Tenable LOG Correlation Engine 4.8.0 Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2017-02-28 | CVE-2016-9259 | Cross-site Scripting vulnerability in Tenable Nessus Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2017-02-28 | CVE-2016-10207 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early. | 7.5 |
| 2017-02-28 | CVE-2016-8715 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iceni Argus 6.6.05 An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. | 7.8 |
| 2017-02-28 | CVE-2016-8389 | Integer Overflow or Wraparound vulnerability in Iceni Argus 6.6.04 An exploitable integer-overflow vulnerability exists within Iceni Argus. | 7.8 |
| 2017-02-28 | CVE-2016-8388 | Out-of-bounds Read vulnerability in Iceni Argus 6.6.04 An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. | 7.8 |