Weekly Vulnerabilities Reports > February 27 to March 5, 2017

Overview

222 new vulnerabilities reported during this period, including 10 critical vulnerabilities and 38 high severity vulnerabilities. This weekly summary report vulnerabilities in 158 products from 90 vendors including Debian, Imagemagick, Veritas, Wireshark, and Rapid7. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Read", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", and "Improper Input Validation".

  • 189 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 72 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 200 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 17 reported vulnerabilities.
  • VIM has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

10 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-03 CVE-2016-7407 Dropbear SSH Project Improper Input Validation vulnerability in Dropbear SSH Project Dropbear SSH

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.

10.0
2017-03-03 CVE-2016-7406 Dropbear SSH Project Improper Input Validation vulnerability in Dropbear SSH Project Dropbear SSH

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.

10.0
2017-02-27 CVE-2017-6342 Dahuasecurity Improper Privilege Management vulnerability in Dahuasecurity Camera Firmware, NVR Firmware and Smartpss Firmware

An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19.

10.0
2017-02-28 CVE-2017-5885 Fedoraproject
Gnome
Integer Overflow or Wraparound vulnerability in multiple products

Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.

9.8
2017-02-27 CVE-2017-6350 VIM Integer Overflow or Wraparound vulnerability in VIM

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

9.8
2017-02-27 CVE-2017-6349 VIM Integer Overflow or Wraparound vulnerability in VIM

An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

9.8
2017-02-28 CVE-2017-5682 Intel Local Privilege Escalation vulnerability in Multiple Intel Products

Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges.

9.3
2017-02-27 CVE-2017-6343 Dahuasecurity Improper Authentication vulnerability in Dahuasecurity Camera Firmware, NVR Firmware and Smartpss Firmware

The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117.

9.3
2017-03-05 CVE-2017-6492 Admidio SQL Injection vulnerability in Admidio 3.2.5

SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5.

9.0
2017-03-03 CVE-2017-2290 Puppet Incorrect Permission Assignment for Critical Resource vulnerability in Puppet Mcollective-Puppet-Agent 1.12.0

On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run.

9.0

38 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-02 CVE-2017-6413 Openidc Improper Authentication vulnerability in Openidc MOD Auth Openidc

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.

8.6
2017-03-02 CVE-2017-6062 Openidc Improper Authentication vulnerability in Openidc MOD Auth Openidc 1.8.10/1.8.10.1/1.8.10.2

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.

8.6
2017-03-02 CVE-2017-6384 Atheme Missing Release of Resource after Effective Lifetime vulnerability in Atheme 7.2.7

Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service.

7.8
2017-03-01 CVE-2017-6347 Linux Out-of-bounds Read vulnerability in Linux Kernel

The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.

7.8
2017-02-28 CVE-2017-5884 Fedoraproject
Gnome
Range Error vulnerability in multiple products

gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.

7.8
2017-02-28 CVE-2016-8715 Iceni Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iceni Argus 6.6.05

An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05.

7.8
2017-02-28 CVE-2016-8389 Iceni Integer Overflow or Wraparound vulnerability in Iceni Argus 6.6.04

An exploitable integer-overflow vulnerability exists within Iceni Argus.

7.8
2017-02-28 CVE-2016-8388 Iceni Out-of-bounds Read vulnerability in Iceni Argus 6.6.04

An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus.

7.8
2017-02-27 CVE-2016-8387 Iceni Out-of-bounds Write vulnerability in Iceni Argus 6.6.04

An exploitable heap-based buffer overflow exists in Iceni Argus.

7.8
2017-02-27 CVE-2016-8386 Iceni Out-of-bounds Write vulnerability in Iceni Argus 6.6.04

An exploitable heap-based buffer overflow exists in Iceni Argus.

7.8
2017-02-27 CVE-2016-8385 Iceni Out-of-bounds Write vulnerability in Iceni Argus 6.6.04

An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus.

7.8
2017-03-05 CVE-2017-6445 Openelec Missing Encryption of Sensitive Data vulnerability in Openelec 6.0.3/7.0.1

The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates.

7.6
2017-03-04 CVE-2017-6474 Wireshark
Debian
Infinite Loop vulnerability in multiple products

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file.

7.5
2017-03-04 CVE-2017-6473 Wireshark
Debian
Improper Input Validation vulnerability in multiple products

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file.

7.5
2017-03-04 CVE-2017-6472 Wireshark
Debian
Infinite Loop vulnerability in multiple products

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file.

7.5
2017-03-04 CVE-2017-6471 Wireshark
Debian
Improper Input Validation vulnerability in multiple products

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file.

7.5
2017-03-04 CVE-2017-6470 Wireshark
Debian
Infinite Loop vulnerability in multiple products

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file.

7.5
2017-03-04 CVE-2017-6469 Wireshark
Debian
Improper Input Validation vulnerability in multiple products

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file.

7.5
2017-03-04 CVE-2017-6468 Wireshark
Debian
Improper Input Validation vulnerability in multiple products

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file.

7.5
2017-03-04 CVE-2017-6467 Wireshark
Debian
Infinite Loop vulnerability in multiple products

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file.

7.5
2017-03-03 CVE-2016-7972 Opensuse
Fedoraproject
Libass Project
Resource Management Errors vulnerability in multiple products

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

7.5
2017-03-03 CVE-2016-7970 Fedoraproject
Libass Project
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.

7.5
2017-03-03 CVE-2016-7969 Opensuse
Fedoraproject
Libass Project
Out-of-bounds Read vulnerability in multiple products

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."

7.5
2017-03-03 CVE-2017-5830 Revive Adserver Deserialization of Untrusted Data vulnerability in Revive-Adserver Revive Adserver

Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts.

7.5
2017-03-03 CVE-2016-10205 Zoneminder Session Fixation vulnerability in Zoneminder

Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie.

7.5
2017-03-03 CVE-2016-10204 Zoneminder SQL Injection vulnerability in Zoneminder

SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.

7.5
2017-03-03 CVE-2016-10194 Festivaltts4R Project Command Injection vulnerability in Festivaltts4R Project Festivaltts4R

The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb.

7.5
2017-03-03 CVE-2016-10193 Espeak Ruby Project Improper Access Control vulnerability in Espeak-Ruby Project Espeak-Ruby

The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb.

7.5
2017-03-02 CVE-2017-6409 Veritas Missing Authentication for Critical Function vulnerability in Veritas Netbackup and Netbackup Appliance

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier.

7.5
2017-03-02 CVE-2017-6403 Veritas Use of Hard-coded Credentials vulnerability in Veritas Netbackup and Netbackup Appliance

An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0.

7.5
2017-02-28 CVE-2017-5982 Kodi Path Traversal vulnerability in Kodi 17.1

Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.

7.5
2017-02-28 CVE-2016-9558 Libdwarf Project Integer Overflow or Wraparound vulnerability in Libdwarf Project Libdwarf

(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow."

7.5
2017-02-27 CVE-2017-5946 Rubyzip Project
Debian
Path Traversal vulnerability in multiple products

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability.

7.5
2017-03-02 CVE-2017-6407 Veritas Unspecified vulnerability in Veritas Netbackup and Netbackup Appliance

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2.

7.2
2017-03-02 CVE-2017-6406 Veritas Directory Traversal vulnerability in Veritas NetBackup Server and Client/NetBackup Appliance

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2.

7.2
2017-03-02 CVE-2017-6400 Veritas Unspecified vulnerability in Veritas Access, Netbackup and Netbackup Appliance

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2.

7.2
2017-03-02 CVE-2017-6399 Veritas Unspecified vulnerability in Veritas Access, Netbackup and Netbackup Appliance

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2.

7.2
2017-03-01 CVE-2017-6346 Linux Use After Free vulnerability in Linux Kernel

Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.

7.0

164 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-01 CVE-2016-10151 Hesiod Project Permissions, Privileges, and Access Controls vulnerability in Hesiod Project Hesiod 3.2.1

The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary.

6.9
2017-03-03 CVE-2016-10065 Imagemagick
Opensuse
Improper Access Control vulnerability in Imagemagick

The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

6.8
2017-03-03 CVE-2015-8814 Umbraco Cross-Site Request Forgery (CSRF) vulnerability in Umbraco 7.3.8

Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.

6.8
2017-03-03 CVE-2017-5613 Cpanel Use of Externally-Controlled Format String vulnerability in Cpanel Cgiecho and Cgiemail

Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.

6.8
2017-03-03 CVE-2016-10206 Zoneminder Cross-Site Request Forgery (CSRF) vulnerability in Zoneminder

Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.

6.8
2017-03-03 CVE-2016-10127 Pysaml2 Project XXE vulnerability in Pysaml2 Project Pysaml2

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.

6.8
2017-03-02 CVE-2016-10064 Imagemagick
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

6.8
2017-03-02 CVE-2016-10063 Imagemagick Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.

6.8
2017-03-02 CVE-2017-5235 Rapid7 Untrusted Search Path vulnerability in Rapid7 Metasploit 4.13.0

Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

6.8
2017-03-02 CVE-2017-5234 Rapid7 Untrusted Search Path vulnerability in Rapid7 Insight Collector

Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

6.8
2017-03-02 CVE-2017-5233 Rapid7 Untrusted Search Path vulnerability in Rapid7 Appspider PRO

Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

6.8
2017-03-02 CVE-2017-5232 Rapid7 Untrusted Search Path vulnerability in Rapid7 Nexpose

All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

6.8
2017-03-02 CVE-2015-8994 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled.

6.8
2017-03-02 CVE-2017-6319 Radare Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2 1.2.1

The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.

6.8
2017-03-01 CVE-2017-5886 Podofo Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Podofo Project Podofo 0.9.4

Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

6.8
2017-03-01 CVE-2017-5853 Podofo Project Integer Overflow or Wraparound vulnerability in Podofo Project Podofo 0.9.4

Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

6.8
2017-03-01 CVE-2016-10094 Libtiff Numeric Errors vulnerability in Libtiff 4.0.7

Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.

6.8
2017-03-01 CVE-2016-10093 Libtiff Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.7

Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow.

6.8
2017-03-01 CVE-2016-10092 Libtiff Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.7

Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image.

6.8
2017-02-28 CVE-2017-5581 Tigervnc Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tigervnc

Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries.

6.8
2017-02-27 CVE-2017-2682 Siemens Cross-Site Request Forgery (CSRF) vulnerability in Siemens Ruggedcom Network Management Software 2.0.2

The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request.

6.8
2017-03-03 CVE-2016-7408 Dropbear SSH Project Improper Access Control vulnerability in Dropbear SSH Project Dropbear SSH

The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.

6.5
2017-03-02 CVE-2017-5230 Rapid7 Use of Hard-coded Credentials vulnerability in Rapid7 Nexpose

The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user.

6.5
2017-03-01 CVE-2016-9994 IBM SQL Injection vulnerability in IBM Kenexa Lcms Premier

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.

6.5
2017-03-01 CVE-2016-9993 IBM SQL Injection vulnerability in IBM Kenexa Lcms Premier

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.

6.5
2017-03-01 CVE-2016-9992 IBM SQL Injection vulnerability in IBM Kenexa Lcms Premier

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.

6.5
2017-03-01 CVE-2016-5374 Netapp Permissions, Privileges, and Access Controls vulnerability in Netapp Data Ontap 9.0/9.1

NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.

6.5
2017-02-27 CVE-2016-8105 Intel Denial of Service vulnerability in Intel X710 Series Driver and Xl710 Series Driver

Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations.

6.1
2017-03-02 CVE-2016-10228 GNU Improper Input Validation vulnerability in GNU Glibc

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

5.9
2017-03-03 CVE-2017-5615 Cpanel Open Redirect vulnerability in Cpanel Cgiecho and Cgiemail

cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.

5.8
2017-03-03 CVE-2017-5614 Cpanel Open Redirect vulnerability in Cpanel

Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.

5.8
2017-03-03 CVE-2017-5571 Flexerasoftware Open Redirect vulnerability in Flexerasoftware Flexnet Publisher 11.10/11.13.1.0

Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8
2017-03-01 CVE-2017-2685 Siemens Information Exposure vulnerability in Siemens products

Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.

5.8
2017-03-03 CVE-2017-5831 Revive Adserver Session Fixation vulnerability in Revive-Adserver Revive Adserver

Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID.

5.5
2017-02-27 CVE-2016-5240 Graphicsmagick Improper Input Validation vulnerability in Graphicsmagick

The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.

5.5
2017-02-27 CVE-2016-10029 Qemu Out-of-bounds Read vulnerability in Qemu

The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts.

5.5
2017-02-27 CVE-2016-10028 Qemu Out-of-bounds Read vulnerability in Qemu

The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.

5.5
2017-03-02 CVE-2017-5231 Rapid7 Path Traversal vulnerability in Rapid7 Metasploit 4.13.0/4.13.1/4.13.19

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function.

5.1
2017-03-02 CVE-2017-5229 Rapid7 Path Traversal vulnerability in Rapid7 Metasploit 4.13.0/4.13.1/4.13.19

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function.

5.1
2017-03-02 CVE-2017-5228 Rapid7 Path Traversal vulnerability in Rapid7 Metasploit 4.13.0/4.13.1/4.13.19

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function.

5.1
2017-03-03 CVE-2016-8236 Lenovo Improper Access Control vulnerability in Lenovo Thinkserver Firmware

Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77.

5.0
2017-03-03 CVE-2016-3127 Blackberry Information Exposure vulnerability in Blackberry Good Control Server 2.2.511.26

An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server.

5.0
2017-03-03 CVE-2015-8815 Umbraco Cross-site Scripting vulnerability in Umbraco

Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.

5.0
2017-03-03 CVE-2017-5836 Libimobiledevice Double Free vulnerability in Libimobiledevice Libplist

The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.

5.0
2017-03-03 CVE-2017-5835 Libimobiledevice Allocation of Resources Without Limits or Throttling vulnerability in Libimobiledevice Libplist

libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.

5.0
2017-03-03 CVE-2017-5356 Irssi
Debian
Out-of-bounds Read vulnerability in multiple products

Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]).

5.0
2017-03-03 CVE-2017-5196 Irssi Out-of-bounds Read vulnerability in Irssi 0.8.18/0.8.19/0.8.20

Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8.

5.0
2017-03-03 CVE-2017-5195 Irssi Out-of-bounds Read vulnerability in Irssi

Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code.

5.0
2017-03-03 CVE-2017-5194 Irssi
Debian
Use After Free vulnerability in multiple products

Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.

5.0
2017-03-03 CVE-2017-5193 Irssi
Debian
NULL Pointer Dereference vulnerability in multiple products

The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.

5.0
2017-03-02 CVE-2017-6104 ZEN Mobile APP Native Project Improper Authentication vulnerability in ZEN Mobile APP Native Project ZEN Mobile APP Native 3.0

Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.

5.0
2017-03-02 CVE-2016-10067 Imagemagick Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick

magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow.

5.0
2017-03-02 CVE-2017-6405 Veritas Authentication Bypass by Spoofing vulnerability in Veritas Netbackup and Netbackup Appliance

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier.

5.0
2017-03-01 CVE-2016-8233 Lenovo Information Exposure Through Log Files vulnerability in Lenovo Xclarity Administrator

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.

5.0
2017-03-01 CVE-2017-3826 Cisco Improper Input Validation vulnerability in Cisco Netflow Generation Appliance Software

A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition.

5.0
2017-03-01 CVE-2017-5995 Netapp Information Exposure vulnerability in Netapp Ontap Select Deploy Administration Utility

The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors.

5.0
2017-03-01 CVE-2016-6485 Magento Use of a Broken or Risky Cryptographic Algorithm vulnerability in Magento Magento2

The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.

5.0
2017-02-28 CVE-2016-10207 Opensuse
Tigervnc
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.

5.0
2017-02-27 CVE-2017-5927 Allwinner
AMD
Intel
Nvidia
Samsung
Information Exposure vulnerability in multiple products

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors.

5.0
2017-02-27 CVE-2017-5926 Allwinner
AMD
Intel
Nvidia
Samsung
Information Exposure vulnerability in multiple products

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors.

5.0
2017-02-27 CVE-2017-5925 Allwinner
AMD
Intel
Nvidia
Samsung
Information Exposure vulnerability in multiple products

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors.

5.0
2017-03-01 CVE-2017-6353 Linux Double Free vulnerability in Linux Kernel

net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application.

4.9
2017-03-01 CVE-2017-6348 Linux Local Denial of Service vulnerability in Linux Kernel

The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.

4.9
2017-02-27 CVE-2016-9818 XEN Improper Access Control vulnerability in XEN 4.7.0/4.7.1

Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.

4.9
2017-02-27 CVE-2016-9817 XEN Improper Access Control vulnerability in XEN 4.7.0/4.7.1

Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.

4.9
2017-02-27 CVE-2016-9816 XEN Improper Access Control vulnerability in XEN 4.7.0/4.7.1

Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.

4.9
2017-02-27 CVE-2016-9815 XEN Improper Access Control vulnerability in XEN 4.7.0/4.7.1

Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.

4.9
2017-03-02 CVE-2017-6401 Veritas Improper Privilege Management vulnerability in Veritas Netbackup and Netbackup Appliance

An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0.

4.6
2017-03-01 CVE-2017-6345 Linux Improper Input Validation vulnerability in Linux Kernel

The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls.

4.6
2017-03-02 CVE-2017-6408 Veritas Race Condition vulnerability in Veritas Netbackup and Netbackup Appliance

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier.

4.4
2017-03-05 CVE-2017-6446 Dotclear Cross-site Scripting vulnerability in Dotclear 2.11.2

XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters.

4.3
2017-03-05 CVE-2017-6491 Epesi Cross-site Scripting vulnerability in Epesi 1.8.1.1

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1.

4.3
2017-03-05 CVE-2017-6490 Epesi Cross-site Scripting vulnerability in Epesi 1.8.1.1

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1.

4.3
2017-03-05 CVE-2017-6489 Epesi Cross-site Scripting vulnerability in Epesi 1.8.1.1

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1.

4.3
2017-03-05 CVE-2017-6488 Epesi Cross-site Scripting vulnerability in Epesi 1.8.1.1

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1.

4.3
2017-03-05 CVE-2017-6487 Epesi Cross-site Scripting vulnerability in Epesi 1.8.1.1

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1.

4.3
2017-03-05 CVE-2017-6486 Reasoncms Cross-site Scripting vulnerability in Reasoncms

A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1.

4.3
2017-03-05 CVE-2017-6485 PHP Calendar Cross-site Scripting vulnerability in PHP-Calendar

A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03.

4.3
2017-03-05 CVE-2017-6484 Inter Mediator Cross-site Scripting vulnerability in Inter-Mediator 5.5

Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5.

4.3
2017-03-05 CVE-2017-6483 Atutor Cross-site Scripting vulnerability in Atutor

Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2.

4.3
2017-03-05 CVE-2017-6481 Phpipam Cross-site Scripting vulnerability in PHPipam

Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2.

4.3
2017-03-05 CVE-2017-6480 Groovel Project Cross-site Scripting vulnerability in Groovel Project Cmsgroovel 3.3.6

groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter).

4.3
2017-03-05 CVE-2017-6479 Fenix Hosting Cross-site Scripting vulnerability in Fenix Hosting Fenix-Open-Source

FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter).

4.3
2017-03-05 CVE-2017-6478 Mangoswebv4 Project Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4

paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).

4.3
2017-03-03 CVE-2016-10070 Imagemagick
Opensuse
Out-of-bounds Read vulnerability in multiple products

Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.

4.3
2017-03-03 CVE-2016-10066 Imagemagick Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick

Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.

4.3
2017-03-03 CVE-2016-10061 Imagemagick Unchecked Return Value vulnerability in Imagemagick

The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.

4.3
2017-03-03 CVE-2016-6884 Matrixssl Out-of-bounds Read vulnerability in Matrixssl 3.8.2

TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message.

4.3
2017-03-03 CVE-2016-6883 Matrixssl Information Exposure vulnerability in Matrixssl 3.8.2

MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack.

4.3
2017-03-03 CVE-2016-6882 Matrixssl Information Exposure vulnerability in Matrixssl

MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.

4.3
2017-03-03 CVE-2015-8813 Umbraco Server-Side Request Forgery (SSRF) vulnerability in Umbraco

The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.

4.3
2017-03-03 CVE-2017-5865 Owncloud Information Exposure vulnerability in Owncloud

The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts.

4.3
2017-03-03 CVE-2017-5834 Libimobiledevice Out-of-bounds Read vulnerability in Libimobiledevice Libplist

The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file.

4.3
2017-03-03 CVE-2017-5833 Revive Adserver Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver

Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3
2017-03-03 CVE-2017-5616 Cpanel Cross-site Scripting vulnerability in Cpanel Cgiecho and Cgiemail

Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter.

4.3
2017-03-03 CVE-2016-10203 Zoneminder Cross-site Scripting vulnerability in Zoneminder

Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.

4.3
2017-03-03 CVE-2016-10202 Zoneminder Cross-site Scripting vulnerability in Zoneminder

Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.

4.3
2017-03-03 CVE-2016-10201 Zoneminder Cross-site Scripting vulnerability in Zoneminder

Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.

4.3
2017-03-02 CVE-2016-9892 Eset Improper Certificate Validation vulnerability in Eset Endpoint Antivirus and Endpoint Security

The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate.

4.3
2017-03-02 CVE-2017-6103 Anyvar Project Cross-site Scripting vulnerability in Anyvar Project Anyvar 0.1.1

Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1.

4.3
2017-03-02 CVE-2017-6102 Rockhoist Badges Project Cross-site Scripting vulnerability in Rockhoist Badges Project Rockhoist Badges Plugin 1.2.2

Persistent XSS in wordpress plugin rockhoist-badges v1.2.2.

4.3
2017-03-02 CVE-2016-10071 Imagemagick Out-of-bounds Read vulnerability in Imagemagick

coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.

4.3
2017-03-02 CVE-2016-10069 Imagemagick
Opensuse Project
Improper Input Validation vulnerability in Imagemagick

coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.

4.3
2017-03-02 CVE-2016-10068 Imagemagick
Opensuse
Opensuse Project
Improper Input Validation vulnerability in Imagemagick

The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.

4.3
2017-03-02 CVE-2016-10062 Imagemagick 7PK - Errors vulnerability in Imagemagick

The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

4.3
2017-03-02 CVE-2016-10060 Imagemagick Unchecked Return Value vulnerability in Imagemagick

The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

4.3
2017-03-02 CVE-2017-6410 KDE Cleartext Transmission of Sensitive Information vulnerability in KDE Kdelibs and KIO

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.

4.3
2017-03-02 CVE-2017-6397 Ysurac Cross-site Scripting vulnerability in Flightairmap 1.0

An issue was discovered in FlightAirMap v1.0-beta.10.

4.3
2017-03-02 CVE-2017-6396 Webpagetest Project Cross-site Scripting vulnerability in Webpagetest Project Webpagetest 3.0

An issue was discovered in WPO-Foundation WebPageTest 3.0.

4.3
2017-03-02 CVE-2017-6395 Hashover Project Cross-site Scripting vulnerability in Hashover Project Hashover 2.0

An issue was discovered in HashOver 2.0.

4.3
2017-03-02 CVE-2017-6394 Openemr Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.1

Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR 5.0.0 and 5.0.1-dev.

4.3
2017-03-02 CVE-2017-6393 Nagvis Cross-site Scripting vulnerability in Nagvis 1.9

An issue was discovered in NagVis 1.9b12.

4.3
2017-03-02 CVE-2017-6392 Kaltura Cross-site Scripting vulnerability in Kaltura Server

An issue was discovered in Kaltura server Lynx-12.11.0.

4.3
2017-03-02 CVE-2017-6391 Kaltura Cross-site Scripting vulnerability in Kaltura Server

An issue was discovered in Kaltura server Lynx-12.11.0.

4.3
2017-03-02 CVE-2017-6390 Soruly Cross-site Scripting vulnerability in Soruly Whatanime.Ga

An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d.

4.3
2017-03-02 CVE-2017-6415 Radare NULL Pointer Dereference vulnerability in Radare Radare2 1.2.1

The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file.

4.3
2017-03-02 CVE-2017-6387 Radare Out-of-bounds Read vulnerability in Radare Radare2 1.2.1

The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.

4.3
2017-03-01 CVE-2016-8232 IBM Cross-site Scripting vulnerability in IBM Advanced Management Module Firmware

Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.

4.3
2017-03-01 CVE-2016-9830 Graphicsmagick
Debian
Opensuse
Improper Input Validation vulnerability in multiple products

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.

4.3
2017-03-01 CVE-2017-5981 Zziplib Project Reachable Assertion vulnerability in Zziplib Project Zziplib 0.13.62

seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file.

4.3
2017-03-01 CVE-2017-5980 Zziplib Project NULL Pointer Dereference vulnerability in Zziplib Project Zziplib 0.13.62

The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.

4.3
2017-03-01 CVE-2017-5979 Zziplib Project NULL Pointer Dereference vulnerability in Zziplib Project Zziplib 0.13.62

The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.

4.3
2017-03-01 CVE-2017-5978 Zziplib Project Out-of-bounds Read vulnerability in Zziplib Project Zziplib 0.13.62

The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.

4.3
2017-03-01 CVE-2017-5977 Zziplib Project Out-of-bounds Read vulnerability in Zziplib Project Zziplib 0.13.62

The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.

4.3
2017-03-01 CVE-2017-5976 Zziplib Project
Debian
Out-of-bounds Write vulnerability in multiple products

Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.

4.3
2017-03-01 CVE-2017-5975 Zziplib Project
Debian
Out-of-bounds Write vulnerability in multiple products

Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.

4.3
2017-03-01 CVE-2017-5974 Zziplib Project
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.

4.3
2017-03-01 CVE-2017-5855 Podofo Project NULL Pointer Dereference vulnerability in Podofo Project Podofo 0.9.4

The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

4.3
2017-03-01 CVE-2017-5854 Podofo Project NULL Pointer Dereference vulnerability in Podofo Project Podofo 0.9.4

base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

4.3
2017-03-01 CVE-2017-5852 Podofo Project Infinite Loop vulnerability in Podofo Project Podofo 0.9.4

The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.

4.3
2017-03-01 CVE-2017-5851 Mp3Splt Project NULL Pointer Dereference vulnerability in Mp3Splt Project Mp3Splt 2.6.2

The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

4.3
2017-03-01 CVE-2017-5666 Mp3Splt Project Use After Free vulnerability in Mp3Splt Project Mp3Splt 2.6.2

The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file.

4.3
2017-03-01 CVE-2017-5665 Libmp3Splt Project NULL Pointer Dereference vulnerability in Libmp3Splt Project Libmp3Splt 0.9.2

The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

4.3
2017-03-01 CVE-2017-5504 Jasper Project Out-of-bounds Read vulnerability in Jasper Project Jasper 1.900.17

The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.

4.3
2017-03-01 CVE-2017-5503 Jasper Project Out-of-bounds Write vulnerability in Jasper Project Jasper 1.900.27

The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.

4.3
2017-03-01 CVE-2017-5502 Jasper Project Denial of Service vulnerability in Jasper Project Jasper 1.900.17

libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

4.3
2017-03-01 CVE-2017-5501 Jasper Project Integer Overflow or Wraparound vulnerability in Jasper Project Jasper 1.900.17

Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.

4.3
2017-03-01 CVE-2017-5500 Jasper Project Denial of Service vulnerability in Jasper Project Jasper 1.900.17

libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

4.3
2017-03-01 CVE-2017-5499 Jasper Project Integer Overflow or Wraparound vulnerability in Jasper Project Jasper 1.900.17

Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.

4.3
2017-03-01 CVE-2017-5498 Jasper Project Denial of Service vulnerability in Jasper Project Jasper 1.900.17

libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

4.3
2017-03-01 CVE-2016-9826 Libav Numeric Errors vulnerability in Libav 11.8

libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

4.3
2017-03-01 CVE-2016-9825 Libav Numeric Errors vulnerability in Libav 11.8

libswscale/utils.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

4.3
2017-03-01 CVE-2016-9824 Libav Integer Overflow or Wraparound vulnerability in Libav 11.8

Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.

4.3
2017-03-01 CVE-2016-9823 Libav Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav 11.8

libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.

4.3
2017-03-01 CVE-2016-9822 Libav Integer Overflow or Wraparound vulnerability in Libav 11.8

Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.

4.3
2017-03-01 CVE-2016-9821 Libav Integer Overflow or Wraparound vulnerability in Libav 11.8

Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.

4.3
2017-03-01 CVE-2016-9820 Libav Numeric Errors vulnerability in Libav 11.8

libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

4.3
2017-03-01 CVE-2016-9819 Libav Numeric Errors vulnerability in Libav 11.8

libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

4.3
2017-03-01 CVE-2016-9559 Imagemagick
Debian
NULL Pointer Dereference vulnerability in multiple products

coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.

4.3
2017-03-01 CVE-2016-8508 Yandex 7PK - Security Features vulnerability in Yandex Browser

Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site.

4.3
2017-03-01 CVE-2016-8507 Yandex Information Exposure vulnerability in Yandex Browser

Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site.

4.3
2017-03-01 CVE-2016-10095 Libtiff Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.7

Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.

4.3
2017-02-27 CVE-2015-8903 Imagemagick Infinite Loop vulnerability in Imagemagick

The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.

4.3
2017-02-27 CVE-2015-8902 Imagemagick Infinite Loop vulnerability in Imagemagick

The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.

4.3
2017-02-27 CVE-2015-8901 Imagemagick Infinite Loop vulnerability in Imagemagick

ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.

4.3
2017-02-27 CVE-2015-8900 Imagemagick Infinite Loop vulnerability in Imagemagick

The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.

4.3
2017-02-27 CVE-2017-2683 Siemens Cross-site Scripting vulnerability in Siemens Ruggedcom Network Management Software 2.0.2

A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.

4.3
2017-02-27 CVE-2017-6344 Grails XXE vulnerability in Grails PDF Plugin 0.6

XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document.

4.3
2017-02-27 CVE-2017-6341 Dahuasecurity Cleartext Transmission of Sensitive Information vulnerability in Dahuasecurity Camera Firmware, NVR Firmware and Smartpss Firmware

Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117.

4.3
2017-02-27 CVE-2017-6297 Mikrotik Missing Encryption of Sensitive Data vulnerability in Mikrotik Routeros 6.37.4/6.83.3

The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.

4.3
2017-02-27 CVE-2017-5928 W3 Unspecified vulnerability in W3 High Resolution Time API

The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 protection mechanism in place, which makes it easier for remote attackers to conduct AnC attacks via crafted JavaScript code.

4.3
2017-03-03 CVE-2017-5867 Owncloud Resource Exhaustion vulnerability in Owncloud

ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file.

4.0
2017-03-03 CVE-2017-5866 Owncloud Information Exposure vulnerability in Owncloud

The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.0
2017-03-02 CVE-2017-6402 Veritas Unspecified vulnerability in Veritas Netbackup and Netbackup Appliance

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier.

4.0

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-03-03 CVE-2017-5832 Revive Adserver Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver

Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.

3.5
2017-03-01 CVE-2016-5932 IBM Cross-site Scripting vulnerability in IBM Connections

IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting.

3.5
2017-02-28 CVE-2016-9261 Tenable Cross-site Scripting vulnerability in Tenable LOG Correlation Engine 4.8.0

Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2017-02-28 CVE-2016-9259 Tenable Cross-site Scripting vulnerability in Tenable Nessus

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2017-03-03 CVE-2015-2877 Linux
Redhat
Information Exposure vulnerability in multiple products

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack.

3.3
2017-02-27 CVE-2016-7553 Irssi Permission Issues vulnerability in Irssi Buf.Pl 2.13

The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.

3.3
2017-03-03 CVE-2016-7409 Dropbear SSH Project Information Exposure vulnerability in Dropbear SSH Project Dropbear SSH

The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident.

2.1
2017-03-02 CVE-2017-6404 Veritas Incorrect Default Permissions vulnerability in Veritas Netbackup and Netbackup Appliance

An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7.

2.1
2017-03-01 CVE-2016-2880 IBM Key Management Errors vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user.

2.1
2017-03-01 CVE-2016-2879 IBM Inadequate Encryption Strength vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials.

2.1