Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-07 | CVE-2015-5677 | Information Exposure vulnerability in Freebsd 10.1/10.2/9.3 bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file. | 5.5 |
| 2017-02-07 | CVE-2016-10044 | Permissions, Privileges, and Access Controls vulnerability in multiple products The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. | 7.8 |
| 2017-02-07 | CVE-2014-9914 | Use After Free vulnerability in multiple products Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. | 7.8 |
| 2017-02-06 | CVE-2017-5677 | Unspecified vulnerability in Pear Html Ajax PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. | 9.8 |
| 2017-02-06 | CVE-2017-5595 | Information Exposure vulnerability in Zoneminder A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). | 5.5 |
| 2017-02-06 | CVE-2017-5368 | Cross-Site Request Forgery (CSRF) vulnerability in Zoneminder 1.29.0/1.30.0 ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. | 8.8 |
| 2017-02-06 | CVE-2017-5367 | Cross-site Scripting vulnerability in Zoneminder 1.29.0/1.30.0 Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. | 6.1 |
| 2017-02-06 | CVE-2016-9772 | Information Exposure vulnerability in Openafs OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses. | 5.3 |
| 2017-02-06 | CVE-2016-9532 | Out-of-bounds Read vulnerability in multiple products Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. | 5.5 |
| 2017-02-06 | CVE-2016-7800 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. | 7.5 |