Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-17 | CVE-2017-6014 | Infinite Loop vulnerability in multiple products In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. | 7.5 |
| 2017-02-17 | CVE-2017-5012 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2017-02-17 | CVE-2017-5009 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2017-02-17 | CVE-2017-5357 | Use After Free vulnerability in multiple products regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. | 7.5 |
| 2017-02-17 | CVE-2016-9831 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libming Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. | 7.8 |
| 2017-02-17 | CVE-2016-9829 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libming Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. | 7.8 |
| 2017-02-17 | CVE-2016-9637 | Permissions, Privileges, and Access Controls vulnerability in Citrix Xenserver The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. | 7.5 |
| 2017-02-17 | CVE-2016-5417 | Resource Management Errors vulnerability in GNU Glibc Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. | 7.5 |
| 2017-02-17 | CVE-2016-4312 | XXE vulnerability in Wso2 Identity Server 5.1.0 XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. | 7.5 |
| 2017-02-17 | CVE-2016-4311 | Cross-Site Request Forgery (CSRF) vulnerability in Wso2 Identity Server 5.1.0 Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request. | 8.8 |