Weekly Vulnerabilities Reports > February 20 to 26, 2017

Overview

262 new vulnerabilities reported during this period, including 27 critical vulnerabilities and 35 high severity vulnerabilities. This weekly summary report vulnerabilities in 103 products from 45 vendors including Apple, Cisco, Debian, IBM, and Webkitgtk. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Improper Input Validation", "Cross-site Scripting", and "Permissions, Privileges, and Access Controls".

  • 203 reported vulnerabilities are remotely exploitables.
  • 39 reported vulnerabilities have public exploit available.
  • 38 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 237 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 152 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 19 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

27 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-02-22 CVE-2017-6077 Netgear OS Command Injection vulnerability in Netgear Dgn2200 Firmware

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.

10.0
2017-02-22 CVE-2016-9684 Dell Command Injection vulnerability in Dell Sonicwall Secure Remote Access Server 8.1.0.214Sv

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface.

10.0
2017-02-22 CVE-2016-9683 Dell Command Injection vulnerability in Dell Sonicwall Secure Remote Access Server 8.1.0.214Sv

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface.

10.0
2017-02-22 CVE-2016-9682 Dell Command Injection vulnerability in Dell Sonicwall Secure Remote Access Server 8.1.0.214Sv

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface.

10.0
2017-02-22 CVE-2016-9400 Teeworlds
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling.

9.8
2017-02-21 CVE-2016-9053 Aerospike Improper Validation of Array Index vulnerability in Aerospike Database Server 3.10.0.3

An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3.

9.8
2017-02-21 CVE-2016-9051 Aerospike Out-of-bounds Write vulnerability in Aerospike Database Server 3.10.0.3

An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3.

9.8
2017-02-20 CVE-2017-2370 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2017-2360 Apple
Webkitgtk
Use After Free vulnerability in multiple products

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2017-2358 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2017-2353 Apple Use After Free vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2016-7644 Apple Use After Free vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2016-7629 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2016-7617 Apple Incorrect Type Conversion or Cast vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2016-7616 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2016-7613 Apple Permissions, Privileges, and Access Controls vulnerability in Apple products

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2016-7612 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2016-7606 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2016-7602 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2016-7596 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2016-7591 Apple Use After Free vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2016-7582 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2016-4780 Apple NULL Pointer Dereference vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2016-4675 Apple Permissions, Privileges, and Access Controls vulnerability in Apple products

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2016-4671 Apple Out-of-bounds Write vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-02-20 CVE-2016-4662 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-02-21 CVE-2016-9269 Trendmicro Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Virtual Appliance

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality.

9.0

35 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-02-24 CVE-2017-6306 Ytnef Project
Debian
Path Traversal vulnerability in multiple products

An issue was discovered in ytnef before 1.9.1.

7.8
2017-02-24 CVE-2017-6305 Ytnef Project
Debian
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in ytnef before 1.9.1.

7.8
2017-02-24 CVE-2017-6304 Ytnef Project
Debian
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in ytnef before 1.9.1.

7.8
2017-02-24 CVE-2017-6303 Ytnef Project
Debian
Integer Overflow or Wraparound vulnerability in multiple products

An issue was discovered in ytnef before 1.9.1.

7.8
2017-02-24 CVE-2017-6302 Ytnef Project
Debian
Integer Overflow or Wraparound vulnerability in multiple products

An issue was discovered in ytnef before 1.9.1.

7.8
2017-02-24 CVE-2017-6301 Ytnef Project
Debian
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in ytnef before 1.9.1.

7.8
2017-02-24 CVE-2017-6300 Ytnef Project
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in ytnef before 1.9.1.

7.8
2017-02-24 CVE-2017-6298 Ytnef Project
Debian
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in ytnef before 1.9.1.

7.8
2017-02-24 CVE-2017-6196 Artifex Use After Free vulnerability in Artifex Afpl Ghostscript

Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document.

7.8
2017-02-22 CVE-2016-8636 Linux Integer Overflow or Wraparound vulnerability in Linux Kernel

Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology.

7.8
2017-02-21 CVE-2016-10227 Zyxel Resource Management Errors vulnerability in Zyxel Nwa3560-N Firmware and Usg50 Firmware

Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets.

7.8
2017-02-26 CVE-2017-0037 Microsoft Incorrect Type Conversion or Cast vulnerability in Microsoft Edge and Internet Explorer

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.

7.6
2017-02-24 CVE-2017-2790 Justsystems Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Justsystems Ichitaro

When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy.

7.5
2017-02-24 CVE-2017-2789 Justsystems Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Justsystems Ichitaro

When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document.

7.5
2017-02-24 CVE-2016-4041 Plone Permissions, Privileges, and Access Controls vulnerability in Plone

Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.

7.5
2017-02-23 CVE-2016-10109 Muscle
Canonical
Use After Free vulnerability in multiple products

Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.

7.5
2017-02-23 CVE-2016-8974 IBM XXE vulnerability in IBM Rational Rhapsody Design Manager

IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.

7.5
2017-02-23 CVE-2017-6205 Dlink Security Bypass vulnerability in Multiple D-Link Products

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors.

7.5
2017-02-22 CVE-2017-6187 Disksavvy Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Disksavvy Enterprise 9.4.18

Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request.

7.5
2017-02-22 CVE-2016-1245 Quagga
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages.

7.5
2017-02-22 CVE-2017-5586 Opentext Improper Input Validation vulnerability in Opentext Documentum D2

OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries.

7.5
2017-02-22 CVE-2016-9956 Debian
Fedoraproject
Flightgear
Improper Access Control vulnerability in multiple products

The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.

7.5
2017-02-21 CVE-2016-9049 Aerospike NULL Pointer Dereference vulnerability in Aerospike Database Server 3.10.0.3

An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3.

7.5
2017-02-21 CVE-2017-6095 Mail Masta Project SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.

7.5
2017-02-21 CVE-2017-6070 Cmsmadesimple Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.

7.5
2017-02-21 CVE-2017-5959 Metalgenix Cross-Site Request Forgery (CSRF) vulnerability in Metalgenix Genixcms

CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges.

7.5
2017-02-20 CVE-2016-7663 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

7.5
2017-02-20 CVE-2016-7630 Apple 7PK - Security Features vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

7.5
2017-02-22 CVE-2014-4677 Gpgtools Command Injection vulnerability in Gpgtools Libmacgpg 0.6

The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument.

7.2
2017-02-20 CVE-2016-7661 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

7.2
2017-02-20 CVE-2016-7660 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

7.2
2017-02-20 CVE-2016-7637 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

7.2
2017-02-20 CVE-2016-7633 Apple Use After Free vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.2
2017-02-20 CVE-2016-7621 Apple Use After Free vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

7.2
2017-02-20 CVE-2016-4669 Apple Improper Input Validation vulnerability in Apple products

An issue was discovered in certain Apple products.

7.2

167 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-02-24 CVE-2017-2791 Justsystems Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Justsystems Ichitaro 2016

JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file.

6.8
2017-02-24 CVE-2016-2226 GNU Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Libiberty

Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.

6.8
2017-02-24 CVE-2016-9975 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Dashboard Application Services HUB 3.1.2.1/3.1.3

IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.8
2017-02-24 CVE-2017-6310 Tnef Project
Debian
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in tnef before 1.4.13.

6.8
2017-02-24 CVE-2017-6309 Tnef Project
Debian
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in tnef before 1.4.13.

6.8
2017-02-24 CVE-2017-6308 Tnef Project
Debian
Integer Overflow or Wraparound vulnerability in multiple products

An issue was discovered in tnef before 1.4.13.

6.8
2017-02-24 CVE-2017-6307 Tnef Project
Debian
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in tnef before 1.4.13.

6.8
2017-02-22 CVE-2017-2684 Siemens Authentication Bypass vulnerability in Siemens Simatic Logon 1.5

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication.

6.8
2017-02-21 CVE-2017-6127 Digisol Cross-Site Request Forgery (CSRF) vulnerability in Digisol Dg-Hr1400 Firmware 1.00.02

Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi.

6.8
2017-02-21 CVE-2017-5881 Gomlab Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gomlab GOM Player 2.3.10.5266

GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.

6.8
2017-02-20 CVE-2017-2374 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Garageband

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2017-2373 Apple
Webkitgtk
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2017-2372 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Garageband and Logic PRO X

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2017-2369 Apple
Webkitgtk
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2017-2366 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2017-2362 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple TV, Iphone OS and Safari

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2017-2356 Apple
Webkitgtk
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2017-2355 Apple
Webkitgtk
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2017-2354 Apple
Webkitgtk
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7742 Apple Improper Input Validation vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7659 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7658 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7656 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7655 Apple Incorrect Type Conversion or Cast vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7654 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7652 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7649 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7648 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7646 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7645 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7642 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7641 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7640 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7639 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7635 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7632 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7626 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Tvos and Watchos

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7622 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7618 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7611 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7610 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7595 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7594 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7589 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7588 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7587 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7584 Apple 7PK - Security Features vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-7578 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-4764 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-4692 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-4691 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-4688 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X, Tvos and Watchos

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-4683 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-4681 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-4677 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-4673 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-4667 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

6.8
2017-02-20 CVE-2016-4666 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos

An issue was discovered in certain Apple products.

6.8
2017-02-22 CVE-2017-5585 Opentext Injection vulnerability in Opentext Documentum Content Server 7.3

OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request.

6.5
2017-02-22 CVE-2017-3835 Cisco SQL Injection vulnerability in Cisco Identity Services Engine Software 1.4(0.908)

A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection.

6.5
2017-02-21 CVE-2017-6098 Mail Masta Project SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.

6.5
2017-02-21 CVE-2017-6097 Mail Masta Project SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.

6.5
2017-02-21 CVE-2017-6096 Mail Masta Project SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.

6.5
2017-02-24 CVE-2016-8998 IBM Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager

IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server.

6.0
2017-02-22 CVE-2017-3840 Cisco Open Redirect vulnerability in Cisco Secure Access Control System 5.8(2.5)

A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability.

5.8
2017-02-20 CVE-2016-7643 Apple Out-of-bounds Read vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

5.8
2017-02-20 CVE-2016-4743 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

5.8
2017-02-20 CVE-2016-4682 Apple Out-of-bounds Read vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

5.8
2017-02-20 CVE-2016-4660 Apple Information Exposure vulnerability in Apple products

An issue was discovered in certain Apple products.

5.8
2017-02-24 CVE-2017-6299 Ytnef Project
Debian
Infinite Loop vulnerability in multiple products

An issue was discovered in ytnef before 1.9.1.

5.5
2017-02-22 CVE-2017-3837 Cisco Improper Input Validation vulnerability in Cisco Meeting Server

An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information.

5.5
2017-02-24 CVE-2016-4042 Plone Information Exposure vulnerability in Plone

Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.

5.0
2017-02-23 CVE-2017-6100 Tcpdf Project Exposure of Resource to Wrong Sphere vulnerability in Tcpdf Project Tcpdf

tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.

5.0
2017-02-23 CVE-2017-6214 Linux Infinite Loop vulnerability in Linux Kernel

The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.

5.0
2017-02-23 CVE-2017-6206 Dlink Information Exposure vulnerability in Dlink Websmart Dgs-1510 Series Firmware

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors.

5.0
2017-02-22 CVE-2017-3842 Cisco Information Exposure vulnerability in Cisco Intrusion Prevention System Device Manager 7.2(1)V7

A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments.

5.0
2017-02-22 CVE-2017-3841 Cisco Information Exposure vulnerability in Cisco Secure Access Control System 5.8(2.5)

A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information.

5.0
2017-02-22 CVE-2017-3830 Cisco Improper Input Validation vulnerability in Cisco Meeting Server 2.1.0

A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance.

5.0
2017-02-22 CVE-2017-3827 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device.

5.0
2017-02-21 CVE-2015-4057 Dell Information Exposure vulnerability in Dell VCE Vision Intelligent Operations 2.5/2.6/2.6.4

The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network.

5.0
2017-02-21 CVE-2017-6072 Cmsmadesimple Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.

5.0
2017-02-21 CVE-2017-6071 Cmsmadesimple Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.

5.0
2017-02-20 CVE-2016-7667 Apple Improper Input Validation vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

5.0
2017-02-20 CVE-2016-7662 Apple Improper Certificate Validation vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

5.0
2017-02-20 CVE-2016-4693 Apple Inadequate Encryption Strength vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

5.0
2017-02-20 CVE-2016-4689 Apple 7PK - Security Features vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

5.0
2017-02-20 CVE-2016-7615 Apple Multiple Security vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

4.9
2017-02-20 CVE-2016-7609 Apple NULL Pointer Dereference vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.9
2017-02-20 CVE-2016-7604 Apple NULL Pointer Dereference vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.9
2017-02-20 CVE-2016-7603 Apple NULL Pointer Dereference vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.9
2017-02-24 CVE-2017-5669 Linux Improper Input Validation vulnerability in Linux Kernel

The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.

4.6
2017-02-20 CVE-2016-7651 Apple Improper Authorization vulnerability in Apple Iphone OS and Watchos

An issue was discovered in certain Apple products.

4.6
2017-02-20 CVE-2016-7601 Apple 7PK - Security Features vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

4.6
2017-02-20 CVE-2016-7583 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Icloud 5.2.1/6.0

An issue was discovered in certain Apple products.

4.6
2017-02-20 CVE-2016-4781 Apple 7PK - Security Features vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

4.6
2017-02-20 CVE-2016-4690 Apple Improper Input Validation vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

4.6
2017-02-20 CVE-2016-4678 Apple NULL Pointer Dereference vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.6
2017-02-20 CVE-2016-4674 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.6
2017-02-20 CVE-2016-4617 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.6
2017-02-24 CVE-2016-5027 Libdwarf Project NULL Pointer Dereference vulnerability in Libdwarf Project Libdwarf 20160115

dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file.

4.3
2017-02-24 CVE-2016-4493 GNU Out-of-bounds Read vulnerability in GNU Libiberty

The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.

4.3
2017-02-24 CVE-2016-4492 GNU Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Libiberty

Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.

4.3
2017-02-24 CVE-2016-4491 GNU Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Libiberty

The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once."

4.3
2017-02-24 CVE-2016-4490 GNU Integer Overflow or Wraparound vulnerability in GNU Libiberty

Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.

4.3
2017-02-24 CVE-2016-4489 GNU Integer Overflow or Wraparound vulnerability in GNU Libiberty

Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of virtual tables."

4.3
2017-02-24 CVE-2016-4488 GNU Use After Free vulnerability in GNU Libiberty

Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec."

4.3
2017-02-24 CVE-2016-4487 GNU Use After Free vulnerability in GNU Libiberty

Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec."

4.3
2017-02-24 CVE-2017-6197 Radare NULL Pointer Dereference vulnerability in Radare Radare2 1.2.1

The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.

4.3
2017-02-24 CVE-2017-6099 Paypal Cross-site Scripting vulnerability in Paypal Merchant-Sdk-PHP 3.9.1

Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.

4.3
2017-02-24 CVE-2014-9916 Bilboplanet Cross-site Scripting vulnerability in Bilboplanet 2.0

Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php.

4.3
2017-02-23 CVE-2016-5883 IBM Cross-site Scripting vulnerability in IBM Inotes

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting.

4.3
2017-02-22 CVE-2016-3052 IBM Information Exposure vulnerability in IBM Websphere MQ

Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network.

4.3
2017-02-22 CVE-2016-9910 Html5Lib Cross-site Scripting vulnerability in Html5Lib

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909.

4.3
2017-02-22 CVE-2016-9909 Html5Lib Cross-site Scripting vulnerability in Html5Lib

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.

4.3
2017-02-22 CVE-2017-3845 Cisco Cross-site Scripting vulnerability in Cisco Prime Collaboration Assurance 11.0.0/11.1.0/11.5.0

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2017-02-22 CVE-2017-3838 Cisco Cross-site Scripting vulnerability in Cisco Secure Access Control System 5.8(2.5)

A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system.

4.3
2017-02-22 CVE-2017-3833 Cisco Cross-site Scripting vulnerability in Cisco Unified Communications Manager 12.0(0.99999.2)

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software.

4.3
2017-02-22 CVE-2017-3829 Cisco Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6)

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2017-02-22 CVE-2017-3828 Cisco Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6)

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2017-02-22 CVE-2017-3821 Cisco Cross-site Scripting vulnerability in Cisco Unified Communications Manager 10.5(2.14076.1)

A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.

4.3
2017-02-21 CVE-2017-6078 Faststone Improper Input Validation vulnerability in Faststone Maxview 3.0/3.1

FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section.

4.3
2017-02-20 CVE-2017-0038 Microsoft Information Exposure vulnerability in Microsoft products

gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions.

4.3
2017-02-20 CVE-2017-2371 Apple Improper Input Validation vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2017-2368 Apple Improper Input Validation vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2017-2365 Apple
Webkitgtk
Information Exposure vulnerability in multiple products

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2017-2364 Apple Information Exposure vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2017-2363 Apple
Webkitgtk
Information Exposure vulnerability in multiple products

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2017-2361 Apple Cross-site Scripting vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2017-2359 Apple Address Bar Spoofing vulnerability in Apple Safari

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2017-2357 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2017-2350 Apple
Webkitgtk
Information Exposure vulnerability in multiple products

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7762 Apple Cross-site Scripting vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7666 Apple Information Exposure vulnerability in Apple Transporter 1.9.1

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7665 Apple Improper Input Validation vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7657 Apple Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7636 Apple Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7627 Apple NULL Pointer Dereference vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7623 Apple Information Exposure vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7607 Apple Information Exposure vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7605 Apple NULL Pointer Dereference vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7599 Apple Information Exposure vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7598 Apple Information Exposure vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7592 Apple Information Exposure vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7586 Apple Information Exposure vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7581 Apple Improper Input Validation vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7580 Apple Improper Input Validation vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7579 Apple Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-7577 Apple Information Exposure vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-4721 Apple 7PK - Security Features vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-4685 Apple Inadequate Encryption Strength vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-4680 Apple Information Exposure vulnerability in Apple Iphone OS, Tvos and Watchos

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-4679 Apple Link Following vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-4665 Apple Information Exposure vulnerability in Apple Iphone OS, Tvos and Watchos

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-4664 Apple Information Exposure vulnerability in Apple Iphone OS, Tvos and Watchos

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-4663 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-4661 Apple Improper Input Validation vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.3
2017-02-20 CVE-2016-4613 Apple Information Exposure vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2017-02-24 CVE-2016-9009 IBM Improper Input Validation vulnerability in IBM Websphere MQ

IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering.

4.0
2017-02-22 CVE-2016-8986 IBM Improper Access Control vulnerability in IBM Websphere MQ

IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests.

4.0
2017-02-22 CVE-2016-8915 IBM Improper Access Control vulnerability in IBM Websphere MQ

IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process.

4.0
2017-02-22 CVE-2016-3013 IBM Data Processing Errors vulnerability in IBM Websphere MQ

IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling.

4.0
2017-02-22 CVE-2017-3844 Cisco Improper Input Validation vulnerability in Cisco Prime Collaboration Assurance 11.0.0/11.1.0/11.5.0

A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files.

4.0
2017-02-22 CVE-2017-3843 Cisco Improper Input Validation vulnerability in Cisco Prime Collaboration Assurance 11.0.0/11.1.0/11.5.0

A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted.

4.0
2017-02-22 CVE-2017-3839 Cisco XXE vulnerability in Cisco Secure Access Control System 5.8(2.5)

An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system.

4.0
2017-02-22 CVE-2017-3836 Cisco Information Exposure vulnerability in Cisco Unified Communications Manager 11.5(1.11007.2)

A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data.

4.0
2017-02-21 CVE-2016-9315 Trendmicro Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Virtual Appliance

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts.

4.0
2017-02-21 CVE-2016-9314 Trendmicro Information Exposure vulnerability in Trendmicro Interscan web Security Virtual Appliance

Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine.

4.0

33 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-02-20 CVE-2016-4686 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

3.6
2017-02-24 CVE-2016-4043 Plone Permissions, Privileges, and Access Controls vulnerability in Plone

Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.

3.5
2017-02-23 CVE-2016-6055 IBM Cross-site Scripting vulnerability in IBM products

IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.

3.5
2017-02-22 CVE-2017-3847 Cisco Cross-site Scripting vulnerability in Cisco Firepower Management Center 6.2.1

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface.

3.5
2017-02-21 CVE-2016-9316 Trendmicro Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance

Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages.

3.5
2017-02-20 CVE-2016-7650 Apple Cross-site Scripting vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

2.6
2017-02-24 CVE-2017-6076 Wolfssl Information Exposure vulnerability in Wolfssl

In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.

2.1
2017-02-22 CVE-2016-9384 XEN Information Exposure vulnerability in XEN 4.7.0/4.7.1

Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.

2.1
2017-02-22 CVE-2016-9378 XEN Improper Access Control vulnerability in XEN

Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.

2.1
2017-02-22 CVE-2016-9377 XEN Incorrect Calculation vulnerability in XEN

Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.

2.1
2017-02-21 CVE-2015-4056 Dell Cryptographic Issues vulnerability in Dell VCE Vision Intelligent Operations 2.5/2.6/2.6.4

The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access.

2.1
2017-02-20 CVE-2016-6249 F5 Information Exposure vulnerability in F5 products

F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log.

2.1
2017-02-20 CVE-2017-2352 Apple Security Bypass vulnerability in Apple Iphone OS and Watchos

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2017-2351 Apple Improper Input Validation vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7765 Apple Information Exposure vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7761 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7759 Apple Information Exposure vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7714 Apple Information Exposure vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7664 Apple Information Exposure vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7653 Apple Information Exposure vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7638 Apple 7PK - Security Features vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7634 Apple Information Exposure vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7628 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7625 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7624 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7620 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7619 Apple Link Following vulnerability in Apple Iphone OS, mac OS X and Watchos

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7614 Apple Information Exposure vulnerability in Apple Icloud 5.2.1/6.0/6.0.1

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7608 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7600 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-7597 Apple 7PK - Security Features vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

2.1
2017-02-20 CVE-2016-4670 Apple Credentials Management vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

2.1
2017-02-22 CVE-2017-6188 Munin Monitoring
Debian
Improper Input Validation vulnerability in multiple products

Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled.

1.9